Skip to main content
CVE-2022-36545 CRITICAL POC Act Now

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-36544 CRITICAL POC Act Now

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-36543 CRITICAL POC Act Now

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-37152 CRITICAL POC Act Now

An issue was discovered in Online Diagnostic Lab Management System 1.0, There is a SQL injection vulnerability via "dob" parameter in "/classes/Users.php?f=save_client". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36683 CRITICAL POC Act Now

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Task Scheduling System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36682 CRITICAL POC Act Now

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Task Scheduling System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36681 CRITICAL POC Act Now

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Task Scheduling System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36680 CRITICAL POC Act Now

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Task Scheduling System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36679 CRITICAL POC Act Now

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Task Scheduling System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36678 CRITICAL POC Act Now

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Task Scheduling System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36546 HIGH POC This Week

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-36529 HIGH POC This Week

Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Kensite Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36537 HIGH POC KEV PATCH THREAT This Week

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zk Framework
NVD
CVSS 3.1
7.5
EPSS
95.3%
CVE-2022-0217 HIGH POC PATCH This Week

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Prosody
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2022-36521 HIGH POC This Week

Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cskefu
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37151 HIGH POC This Week

There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36226 HIGH POC This Week

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Siteservercms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-36522 MEDIUM POC This Month

Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-36548 MEDIUM POC This Month

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0225 MEDIUM POC This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Keycloak Single Sign On
NVD GitHub
CVSS 3.1
5.4
EPSS
2.7%
CVE-2022-37150 MEDIUM POC This Month

An issue was discovered in Online Diagnostic Lab Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2915 HIGH This Week

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Sonicwall Buffer Overflow Heap Overflow RCE +5
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-31773 HIGH PATCH This Week

IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Datapower Gateway
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-25625 HIGH This Week

A malicious unauthorized PAM user can access the administration configuration data and change the values. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Symantec Privileged Access Management
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-0216 MEDIUM POC PATCH This Month

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Qemu Fedora
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-36120 HIGH This Week

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Blue Prism Enterprise
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-29850 HIGH This Week

Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure B2236 Firmware Mb2236 Firmware Ms331 Firmware Ms431 Firmware +113
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-30984 HIGH This Week

A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cdm
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-35192 HIGH This Week

D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service D-Link Dsl 3782 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-0084 HIGH PATCH This Week

A flaw was found in XNIO, specifically in the notifyReadClosed method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Integration Camel K Integration Camel Quarkus Single Sign On Xnio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-34303 MEDIUM This Month

A flaw was found in Eurosoft bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Uefi Bootloader Enterprise Linux Windows 10 Windows 11 +6
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2022-34302 MEDIUM This Month

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Uefi Bootloader Enterprise Linux Windows 10 Windows 11 +6
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2022-34301 MEDIUM This Month

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cryptopro Securedisk For Bitlocker Enterprise Linux Windows 10 Windows 11 +6
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2022-36168 LOW POC Monitor

A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Wuzhicms
NVD GitHub
CVSS 3.1
2.7
EPSS
0.8%
CVE-2022-36542 MEDIUM This Month

An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-36547 MEDIUM This Month

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-0175 MEDIUM PATCH This Month

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Virglrenderer Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0171 MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Amd Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38533 MEDIUM PATCH This Month

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Binutils Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35714 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36121 MEDIUM PATCH This Month

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Blue Prism Enterprise
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-0207 MEDIUM PATCH This Month

A race condition was found in vdsm. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Vdsm Virtualization Virtualization For Ibm Power Little Endian +1
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-0168 MEDIUM PATCH This Month

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Enterprise Linux
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy