Skip to main content
CVE-2022-36578 CRITICAL POC Act Now

jizhicms v2.3.1 has SQL injection in the background. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jizhicms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36606 CRITICAL POC Act Now

Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ywoa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36605 CRITICAL POC Act Now

Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ywoa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-29805 CRITICAL POC THREAT Act Now

A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Java Fishbowl
NVD
CVSS 3.1
9.8
EPSS
27.4%
CVE-2022-35167 HIGH POC This Week

Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Cloud Print Management
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36170 HIGH POC This Week

MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Igserver
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36579 HIGH POC This Week

Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wellcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-36577 HIGH POC This Week

An issue was discovered in jizhicms v2.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jizhicms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-36225 HIGH POC This Week

EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-36224 HIGH POC This Week

XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xunruicms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-35909 HIGH POC PATCH This Week

In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Jellyfin
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-2886 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Laravel 5.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Laravel
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36171 HIGH POC This Week

MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mapgis Igserver
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-2889 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0225. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-36263 HIGH POC This Week

StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Streamlabs Desktop
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2022-36031 MEDIUM POC PATCH This Month

Directus is a free and open-source data platform for headless content management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35554 MEDIUM POC This Month

Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartvista
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-35201 CRITICAL Act Now

Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tenda Ac18 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-0542 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Chatwoot
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-37175 CRITICAL Act Now

Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-23459 CRITICAL Act Now

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Json
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34615 CRITICAL Act Now

Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force Mealie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-36220 CRITICAL Act Now

Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Safe Exam Browser
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36233 MEDIUM POC This Month

Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac9 Firmware
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-37254 MEDIUM POC This Month

DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolphinphp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35910 MEDIUM POC PATCH This Month

In Jellyfin before 10.8, stored XSS allows theft of an admin access token. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Jellyfin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1021 MEDIUM POC PATCH This Month

Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Chatwoot
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-22489 CRITICAL PATCH Act Now

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Mq
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-36157 HIGH PATCH This Week

XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Xxl Job
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-36009 HIGH PATCH This Week

gomatrixserverlib is a Go library for matrix protocol federation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Dendrite Gomatrixserverlib
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2793 HIGH This Week

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electric S Proficy
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-2792 HIGH This Week

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Electric S Proficy
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-23460 HIGH This Week

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Json
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-2075 HIGH PATCH This Week

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2074 HIGH PATCH This Week

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2049 HIGH PATCH This Week

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2788 HIGH This Week

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Path Traversal Electric S Proficy
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-36008 MEDIUM PATCH This Month

Frontier is Substrate's Ethereum compatibility layer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Frontier
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-34621 MEDIUM This Month

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mealie
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34624 MEDIUM This Month

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mealie
NVD VulDB
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-2790 MEDIUM This Month

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files). Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Electric S Proficy
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2022-2789 MEDIUM This Month

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electric S Proficy
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-35692 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Adobe Commerce Magento Commerce
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-1901 MEDIUM PATCH This Month

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Octopus Server
NVD
CVSS 3.1
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy