Skip to main content
CVE-2022-40305 CRITICAL POC Act Now

A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Canto
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25765 CRITICAL POC PATCH THREAT Act Now

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pdfkit Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
39.4%
CVE-2022-38638 CRITICAL POC PATCH Act Now

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Casdoor
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-38615 HIGH POC This Week

SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smartvista Front End
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-40320 HIGH POC This Week

cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libconfuse Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3133 HIGH POC PATCH This Week

OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Command Injection Drawio
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-40299 HIGH POC PATCH This Week

In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Singular
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-40297 HIGH POC This Week

UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Privilege Escalation Ubuntu Touch
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38614 HIGH POC This Week

An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Smartvista Cardgen
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-38286 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38285 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38284 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38283 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38282 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38281 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38280 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38279 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38278 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38277 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38276 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38275 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38274 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38273 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38272 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38613 MEDIUM POC This Month

A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Smartvista Cardgen
NVD VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-38266 MEDIUM POC PATCH This Month

An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tesseract Leptonica Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-36087 MEDIUM POC PATCH This Month

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Oauthlib Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-37299 MEDIUM POC This Month

An issue was discovered in Shirne CMS 1.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Shirne Cms
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2022-36376 CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF WordPress Seo
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2526 CRITICAL PATCH Act Now

A use-after-free vulnerability was found in systemd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Systemd Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-2905 MEDIUM POC This Month

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Authentication Bypass Buffer Overflow Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38639 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Markdown Nice
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40317 MEDIUM POC PATCH This Month

OpenKM 6.3.11 allows stored XSS related to the javascript&colon; substring in an A element. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openkm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-2925 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Appwrite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-36793 CRITICAL Act Now

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Wp Shop
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-36110 HIGH PATCH This Week

Netmaker makes networks with WireGuard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Netmaker
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-38700 HIGH This Week

OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-38144 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wpforo Forum
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-38093 HIGH This Week

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress All In One Seo
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-38070 HIGH This Week

Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Pop Up
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-37411 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Captcha Code
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-37405 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Better Font Awesome
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-35277 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin <= 5.5.20 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Getresponse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-28741 HIGH This Week

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal A Hrd
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-26393 HIGH This Week

The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Spectrum Wireless Battery Module Firmware Sigma Spectrum 35700Bax Firmware Sigma Spectrum 35700Bax2 Firmware Baxter Spectrum Iq 35700Bax3 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-38059 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's Access Code Feeder plugin <= 1.0.3 at WordPress. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF WordPress Access Code Feeder
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2022-39846 HIGH This Week

DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Smart Switch Pc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39119 HIGH This Week

In network service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36864 HIGH This Week

Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Email
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36863 HIGH This Week

A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy