Skip to main content
CVE-2022-36546 HIGH POC This Week

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-36529 HIGH POC This Week

Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Kensite Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36537 HIGH POC KEV PATCH THREAT This Week

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zk Framework
NVD
CVSS 3.1
7.5
EPSS
95.3%
CVE-2022-0217 HIGH POC PATCH This Week

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Prosody
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2022-36521 HIGH POC This Week

Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cskefu
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37151 HIGH POC This Week

There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36226 HIGH POC This Week

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Siteservercms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-2915 HIGH This Week

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Sonicwall Buffer Overflow Heap Overflow RCE +5
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-31773 HIGH PATCH This Week

IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Datapower Gateway
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-25625 HIGH This Week

A malicious unauthorized PAM user can access the administration configuration data and change the values. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Symantec Privileged Access Management
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-36120 HIGH This Week

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Blue Prism Enterprise
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-29850 HIGH This Week

Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure B2236 Firmware Mb2236 Firmware Ms331 Firmware Ms431 Firmware +113
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-30984 HIGH This Week

A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cdm
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-35192 HIGH This Week

D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service D-Link Dsl 3782 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-0084 HIGH PATCH This Week

A flaw was found in XNIO, specifically in the notifyReadClosed method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Integration Camel K Integration Camel Quarkus Single Sign On Xnio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy