Skip to main content
CVE-2022-30547 CRITICAL POC THREAT Act Now

A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Avideo
NVD GitHub
CVSS 3.1
9.9
EPSS
63.7%
CVE-2022-38667 CRITICAL POC PATCH Act Now

HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Crow
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-2842 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Gym Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35583 CRITICAL POC THREAT Act Now

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Wkhtmltopdf
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
11.3%
CVE-2022-35150 CRITICAL POC Act Now

Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Baijiacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-37134 CRITICAL POC THREAT Act Now

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
21.2%
CVE-2022-34858 CRITICAL POC Act Now

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Oauth 2 0 Client For Sso
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-2927 CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Notrinoserp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36198 CRITICAL POC Act Now

Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bus Pass Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-26842 CRITICAL POC Act Now

A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
9.6
EPSS
2.9%
CVE-2022-28712 CRITICAL POC Act Now

A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
9.0
EPSS
2.4%
CVE-2022-32572 HIGH POC THREAT This Week

An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Avideo
NVD GitHub
CVSS 3.1
8.8
EPSS
22.7%
CVE-2022-32282 HIGH POC This Week

An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Avideo
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-30605 HIGH POC This Week

A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Privilege Escalation Avideo
NVD GitHub
CVSS 3.1
8.8
EPSS
4.1%
CVE-2022-29468 HIGH POC This Week

A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Avideo
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-2594 HIGH POC This Week

The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Advanced Custom Fields
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-2557 HIGH POC This Week

The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Team Wordpress Team Members Showcase
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-26061 HIGH POC This Week

A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Heap Overflow Buffer Overflow Hdf5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-25972 HIGH POC This Week

An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Hdf5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-25942 HIGH POC This Week

An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Information Disclosure Buffer Overflow Hdf5
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-2930 HIGH POC PATCH This Week

Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Octoprint
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38668 HIGH POC This Week

HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Crow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-1930 HIGH POC PATCH This Week

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Eth Account
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37133 HIGH POC This Week

D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2551 HIGH POC THREAT This Week

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Duplicator
NVD GitHub WPScan Exploit-DB
CVSS 3.1
7.5
EPSS
12.5%
CVE-2022-2544 HIGH POC PATCH This Week

The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure WordPress Ninja Job Board
NVD WPScan
CVSS 3.1
7.5
EPSS
3.2%
CVE-2022-2362 HIGH POC This Week

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Download Manager
NVD WPScan
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-2593 HIGH POC This Week

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Better Search Replace
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-25812 HIGH POC This Week

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Code Injection Transposh Wordpress Translation
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-25811 HIGH POC This Week

The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Transposh Wordpress Translation
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-28598 MEDIUM POC This Month

Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Erpnext
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
5.0%
CVE-2022-32761 MEDIUM POC This Month

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Avideo
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2022-28710 MEDIUM POC This Month

An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Avideo
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2022-2555 MEDIUM POC This Month

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Yotpo Reviews For Woocommerce
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-2392 MEDIUM POC This Month

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Path Traversal Lana Downloads Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-2388 MEDIUM POC This Month

The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Coder
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-25810 MEDIUM POC This Month

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Transposh Wordpress Translation
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-32772 MEDIUM POC This Month

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
6.1
EPSS
3.0%
CVE-2022-32771 MEDIUM POC This Month

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
6.1
EPSS
3.2%
CVE-2022-32770 MEDIUM POC This Month

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
6.1
EPSS
3.4%
CVE-2022-30690 MEDIUM POC THREAT This Month

A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
6.1
EPSS
83.6%
CVE-2022-2532 MEDIUM POC This Month

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Feed Them Social
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2383 MEDIUM POC This Month

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Feed Them Social
NVD WPScan
CVSS 3.1
6.1
EPSS
4.9%
CVE-2022-1932 MEDIUM POC This Month

The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Rezgo Online Booking
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2932 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mobiledoc Kit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-36251 MEDIUM POC This Month

Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Clinic S Patient Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-34773 CRITICAL Act Now

Tabit - HTTP Method manipulation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Tabit
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-34149 CRITICAL Act Now

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Wp Oauth Server
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2923 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-2600 MEDIUM POC This Month

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Auto Hyperlink Urls
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy