Skip to main content
CVE-2022-38297 CRITICAL POC Act Now

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-38296 CRITICAL POC Act Now

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-38292 CRITICAL POC Act Now

SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Senayan Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37860 CRITICAL POC PATCH THREAT Act Now

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

TP-Link Command Injection M7350 Firmware
NVD
CVSS 3.1
9.8
EPSS
80.0%
CVE-2022-37767 CRITICAL POC Act Now

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Java Pebble Templates
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37794 CRITICAL POC Act Now

In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36174 HIGH POC This Week

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Apple Freshservice Agent
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-36173 HIGH POC This Week

FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Apple Freshservice Agent Freshservice Probe
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-3178 HIGH POC PATCH This Week

Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-35572 HIGH POC This Week

On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys E5350 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37797 HIGH POC This Week

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Lighttpd Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-37734 HIGH POC PATCH This Week

graphql-java before19.0 is vulnerable to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Graphql Java
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-36259 HIGH POC This Week

A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password",. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-36258 HIGH POC This Week

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36257 HIGH POC This Week

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36256 HIGH POC This Week

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36255 HIGH POC This Week

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-38304 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38303 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38302 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38610 HIGH POC This Week

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38606 HIGH POC This Week

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38605 HIGH POC This Week

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Church Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-34108 HIGH POC This Week

An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Micro Star International Feature Navigator
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-34109 HIGH POC This Week

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Micro Star International Feature Navigator
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-38295 MEDIUM POC This Month

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-38291 MEDIUM POC This Month

SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Senayan Library Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-1700 CRITICAL Act Now

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cloud Security Gateway Data Loss Prevention Email Security One Endpoint With Policy Engine +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-37300 CRITICAL PATCH Act Now

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware +32
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-34110 MEDIUM POC This Month

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Micro Star International Feature Navigator
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-36254 MEDIUM POC This Month

Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hotel Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-37796 MEDIUM POC This Month

In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Online Book Store System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38298 HIGH PATCH This Week

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSRF Appsmith
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-29490 HIGH This Week

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microscada X Sys600
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2979 HIGH This Week

Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-31226 HIGH PATCH This Week

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Dell Stack Overflow Buffer Overflow Chengming 3900 Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37835 HIGH This Week

Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vpn
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-36102 HIGH PATCH This Week

Shopware is an open source e-commerce software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Shopware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2022-38972 MEDIUM This Month

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A Form
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-39200 MEDIUM PATCH This Month

Dendrite is a Matrix homeserver written in Go. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Dendrite
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-36101 MEDIUM PATCH This Month

Shopware is an open source e-commerce software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-31225 MEDIUM PATCH This Month

Dell BIOS versions contain an Unchecked Return Value vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity.

Information Disclosure Dell Chengming 3900 Firmware Inspiron 14 Plus 7420 Firmware Inspiron 16 Plus 7620 Firmware +22
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2022-31220 MEDIUM This Month

Dell BIOS versions contain an Unchecked Return Value vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Chengming 3900 Firmware Inspiron 14 Plus 7420 Firmware Inspiron 16 Plus 7620 Firmware +22
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2022-31222 MEDIUM PATCH This Month

Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Dell Denial Of Service Chengming 3900 Firmware Inspiron 14 Plus 7420 Firmware Inspiron 16 Plus 7620 Firmware +22
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-38299 MEDIUM PATCH This Month

An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Elastic Appsmith
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-38135 MEDIUM This Month

Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Photospace Gallery
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-31224 LOW PATCH Monitor

Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Dell Chengming 3900 Firmware Inspiron 14 Plus 7420 Firmware Inspiron 16 Plus 7620 Firmware +22
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2022-31223 LOW PATCH Monitor

Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Information Disclosure Dell Chengming 3900 Firmware Inspiron 14 Plus 7420 Firmware Inspiron 16 Plus 7620 Firmware +22
NVD
CVSS 3.1
2.3
EPSS
0.2%
CVE-2022-31221 LOW PATCH Monitor

Dell BIOS versions contain an Information Exposure vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Dell Chengming 3900 Firmware Inspiron 14 Plus 7420 Firmware Inspiron 16 Plus 7620 Firmware +22
NVD
CVSS 3.1
2.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy