Skip to main content
CVE-2022-37061 CRITICAL POC THREAT Emergency

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Flir Ax8 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.6%
CVE-2022-36729 CRITICAL POC Act Now

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36728 CRITICAL POC Act Now

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36727 CRITICAL POC Act Now

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36725 CRITICAL POC Act Now

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /student/dele.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36722 CRITICAL POC Act Now

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the title parameter at /librarian/history.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35175 CRITICAL POC Act Now

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Barangay Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2876 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-35164 CRITICAL POC Act Now

LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Libredwg
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35154 CRITICAL POC Act Now

Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mall System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-21225 HIGH POC This Week

Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Intel Privilege Escalation Data Center Manager
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2022-37049 HIGH POC This Week

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-37048 HIGH POC This Week

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-37047 HIGH POC This Week

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-37768 HIGH POC This Week

libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libjpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37062 HIGH POC This Week

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Flir Ax8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2022-37060 HIGH POC THREAT This Week

FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Flir Ax8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
15.2%
CVE-2022-35198 HIGH POC This Week

Contract Management System v2.0 contains a weak default password which gives attackers to access database connection information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Contract Managment System
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-35173 HIGH POC PATCH This Week

An issue was discovered in Nginx NJS v0.7.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-37770 MEDIUM POC This Month

libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-37769 MEDIUM POC This Month

libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2568 MEDIUM POC This Month

A privilege escalation flaw was found in the Ansible Automation Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ansible Automation Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-25228 MEDIUM POC This Month

CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Candidats
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35213 MEDIUM POC PATCH This Month

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-35540 CRITICAL PATCH Act Now

Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Agileconfig
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-36947 CRITICAL Act Now

Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Image Viewer
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-30601 CRITICAL Act Now

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel Privilege Escalation Standard Manageability Active Management Technology Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-25899 CRITICAL PATCH Act Now

Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Authentication Bypass Intel Privilege Escalation Open Active Management Technology Cloud Toolkit
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-22730 CRITICAL Act Now

Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intel Privilege Escalation Edge Insights For Industrial
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35976 CRITICAL Act Now

The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Kubernetes Command Injection Gitops Tools
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-35975 CRITICAL Act Now

The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Gitops Tools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-35153 CRITICAL PATCH Act Now

FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection PHP Fusionpbx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-35606 CRITICAL Act Now

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35605 CRITICAL Act Now

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35603 CRITICAL Act Now

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35602 CRITICAL Act Now

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35601 CRITICAL Act Now

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35599 CRITICAL Act Now

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35598 CRITICAL Act Now

A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2874 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-35166 MEDIUM POC This Month

libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libjpeg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35165 MEDIUM POC This Month

An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-37063 MEDIUM POC This Month

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flir Ax8 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2022-35174 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Starterkit
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-23182 HIGH This Week

Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation Data Center Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-21139 HIGH PATCH This Week

Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Intel Privilege Escalation Wireless Ac 9560 Firmware Wireless Ac 9462 Firmware Wireless Ac 9461 Firmware +6
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-35204 MEDIUM POC PATCH This Month

Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Vite
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
CVE-2022-26017 HIGH PATCH This Week

Improper access control in the Intel(R) DSA software for before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Intel Privilege Escalation Driver Support Assistant
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2022-2625 HIGH This Week

A vulnerability was found in PostgreSQL. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL Fedora Enterprise Linux
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2022-34488 HIGH PATCH This Week

Improper buffer restrictions in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Privilege Escalation Intel Buffer Overflow Lapbc510 Firmware Lapbc710 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy