Skip to main content
CVE-2022-36174 HIGH POC This Week

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Apple Freshservice Agent
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-36173 HIGH POC This Week

FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Apple Freshservice Agent Freshservice Probe
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-3178 HIGH POC PATCH This Week

Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-35572 HIGH POC This Week

On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys E5350 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37797 HIGH POC This Week

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Lighttpd Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-37734 HIGH POC PATCH This Week

graphql-java before19.0 is vulnerable to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Graphql Java
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-36259 HIGH POC This Week

A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password",. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-36258 HIGH POC This Week

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36257 HIGH POC This Week

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36256 HIGH POC This Week

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36255 HIGH POC This Week

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-38304 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38303 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38302 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38610 HIGH POC This Week

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38606 HIGH POC This Week

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38605 HIGH POC This Week

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Church Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-34108 HIGH POC This Week

An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Micro Star International Feature Navigator
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-34109 HIGH POC This Week

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Micro Star International Feature Navigator
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-38298 HIGH PATCH This Week

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSRF Appsmith
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-29490 HIGH This Week

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microscada X Sys600
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2979 HIGH This Week

Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-31226 HIGH PATCH This Week

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Dell Stack Overflow Buffer Overflow Chengming 3900 Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37835 HIGH This Week

Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vpn
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-36102 HIGH PATCH This Week

Shopware is an open source e-commerce software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Shopware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy