Skip to main content
CVE-2022-36267 CRITICAL POC THREAT Act Now

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Airspot 5410 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
53.8%
CVE-2022-2713 CRITICAL POC PATCH Act Now

Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cockpit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2460 CRITICAL POC Act Now

The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wpdating
NVD WPScan
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-2269 CRITICAL POC Act Now

The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Website File Changes Monitor
NVD WPScan
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2707 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Class And Exam Scheduling System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-2706 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Class And Exam Scheduling System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-2705 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple Student Information System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-2698 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple E-Learning System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-36264 CRITICAL POC Act Now

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Airspot 5410 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-2356 HIGH POC This Week

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress User Private Files
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-2703 HIGH POC This Week

A vulnerability was found in SourceCodester Gym Management System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gym Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2700 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Gym Management System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gym Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2367 HIGH POC This Week

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wsm Downloader
NVD WPScan
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-2357 HIGH POC This Week

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Path Traversal PHP Wsm Downloader
NVD WPScan
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-2704 HIGH POC This Week

A vulnerability was found in SourceCodester Simple E-Learning System. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2699 HIGH POC This Week

A vulnerability was found in SourceCodester Simple E-Learning System. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-2697 HIGH POC This Week

A vulnerability was found in SourceCodester Simple E-Learning System. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-36265 HIGH POC This Week

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Airspot 5410 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-2355 MEDIUM POC This Month

The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Easy Username Updater
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-1323 MEDIUM POC This Month

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Discy
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2702 MEDIUM POC This Month

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Company Website Cms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-35493 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eshop Ecommerce Store Website
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-36266 MEDIUM POC This Month

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Airspot 5410 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-2386 MEDIUM POC This Month

The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Crowdsignal Dashboard
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2701 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-35490 CRITICAL Act Now

Zammad 5.2.0 is vulnerable to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zammad
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2708 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Gym Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-2391 MEDIUM POC This Month

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Inspiro Pro
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2371 MEDIUM POC This Month

The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Yaysmtp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2046 MEDIUM POC This Month

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Directorist
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-2426 MEDIUM POC This Month

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Thinkific Uploader
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2425 MEDIUM POC This Month

The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Ds Blog Map
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2424 MEDIUM POC This Month

The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Google Maps Anywhere
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2423 MEDIUM POC This Month

The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Dw Promobar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2412 MEDIUM POC This Month

The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Better Tag Cloud
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2411 MEDIUM POC This Month

The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Auto More Tag
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2410 MEDIUM POC This Month

The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Mtouch Quiz
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2409 MEDIUM POC This Month

The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Rough Chart
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2398 MEDIUM POC This Month

The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wordpress Comments Fields
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2395 MEDIUM POC This Month

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Weforms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2372 MEDIUM POC This Month

The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Yaysmtp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-34293 HIGH This Week

wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wolfssl
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-35488 HIGH This Week

In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zammad
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-35487 HIGH This Week

Zammad 5.2.0 suffers from Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-35489 MEDIUM This Month

In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
6.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy