Skip to main content
CVE-2022-36262 CRITICAL POC Act Now

An issue was discovered in taocms 3.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Taocms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-36010 CRITICAL POC PATCH Act Now

This library allows strings to be parsed as functions and stored as a specialized component,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mozilla Code Injection React Editable Json Tree
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-34294 CRITICAL POC Act Now

totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Totd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-38221 CRITICAL POC Act Now

A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft RCE Buffer Overflow The Isle Evrima
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-2812 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Guest Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Guest Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2314 CRITICAL POC THREAT Act Now

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Command Injection Vr Calendar
NVD WPScan
CVSS 3.1
9.8
EPSS
12.4%
CVE-2022-2180 CRITICAL POC Act Now

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload RCE CSRF PHP +1
NVD WPScan
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-38359 HIGH POC This Week

Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Eyes Of Network Web
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-38357 HIGH POC This Week

Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Eyes Of Network Web
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-35624 HIGH POC This Week

In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nrf5 Sdk For Mesh
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-35623 HIGH POC This Week

In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nrf5 Sdk For Mesh
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-2818 HIGH POC PATCH This Week

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Cockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-2381 HIGH POC This Week

The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP E Unlocked Student Result
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2820 HIGH POC PATCH This Week

Session Fixation in GitHub repository namelessmc/nameless prior to v2.0.2. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Session Fixation Nameless
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-2817 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0213. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2816 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38223 HIGH POC This Week

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow W3M Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-2819 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-33990 HIGH POC This Week

Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dproxy Nexgen
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33988 HIGH POC This Week

dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Dproxy Nexgen
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-2822 HIGH POC PATCH This Week

An attacker can freely brute force username and password and can takeover any account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Octoprint
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2821 HIGH POC PATCH This Week

Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nameless
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2379 HIGH POC This Week

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Easy Student Results
NVD WPScan
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-2354 HIGH POC This Week

The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wp Dbmanager
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-38358 MEDIUM POC This Month

Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyes Of Network Web
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2814 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple And Nice Shopping Cart Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2811 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Guest Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Guest Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2378 MEDIUM POC This Month

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easy Student Results
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2116 MEDIUM POC This Month

The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Contact Form Db Elementor
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-35978 CRITICAL PATCH Act Now

Minetest is a free open-source voxel game engine with easy modding and game creation. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Minetest
NVD GitHub
CVSS 3.1
10.0
EPSS
2.2%
CVE-2022-36525 CRITICAL Act Now

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Buffer Overflow Go Rt Ac750 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-36523 CRITICAL Act Now

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link PHP Command Injection Go Rt Ac750 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-24654 MEDIUM POC This Month

Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ata 200 Firmware
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-2824 MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-33991 MEDIUM POC This Month

dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dproxy Nexgen
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-33989 MEDIUM POC This Month

dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Dproxy Nexgen
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-35948 MEDIUM POC PATCH This Month

undici is an HTTP/1.1 client, written from scratch for Node.js.`=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Node.js Undici
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-2535 MEDIUM POC This Month

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Searchwp Live Ajax Search
NVD WPScan
CVSS 3.1
5.3
EPSS
1.5%
CVE-2022-38368 HIGH This Week

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gateway
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-37401 HIGH PATCH This Week

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Openoffice
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-37400 HIGH PATCH This Week

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Openoffice
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36006 HIGH This Week

Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Arvados
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-2384 MEDIUM POC This Month

The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Digital Publications By Supsystic
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2152 MEDIUM POC This Month

The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Duplicate Page And Post
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-28756 HIGH This Week

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-34711 HIGH This Week

Windows Defender Credential Guard Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-36526 HIGH This Week

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Go Rt Ac750 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-36524 HIGH This Week

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Go Rt Ac750 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-38187 HIGH This Week

Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Portal For Arcgis
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-33992 HIGH This Week

DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domain Name Relay Daemon
NVD
CVSS 3.1
7.5
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy