Skip to main content
CVE-2022-36534 HIGH POC THREAT Act Now

Super Flexible Software GmbH & Co. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.2%.

RCE PHP Syncovery
NVD VulDB
CVSS 3.1
8.8
EPSS
54.2%
Threat
4.9
CVE-2022-36533 MEDIUM POC THREAT This Month

Super Flexible Software GmbH & Co. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.6%.

XSS Syncovery
NVD VulDB
CVSS 3.1
5.4
EPSS
42.6%
CVE-2022-36532 HIGH POC THREAT Act Now

Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.3%.

RCE Bolt Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
25.3%
Threat
4.0
CVE-2022-36536 CRITICAL POC Act Now

An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Syncovery
NVD VulDB
CVSS 3.1
9.8
EPSS
5.2%
CVE-2022-37258 CRITICAL POC Act Now

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Node.js Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38621 CRITICAL POC THREAT Act Now

Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Doufox
NVD GitHub
CVSS 3.1
9.8
EPSS
24.1%
CVE-2022-38831 CRITICAL POC Act Now

Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Rx9 Pro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38830 CRITICAL POC Act Now

Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Rx9 Pro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38829 CRITICAL POC Act Now

Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Rx9 Pro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38828 CRITICAL POC THREAT Act Now

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.3%
CVE-2022-38827 CRITICAL POC THREAT Act Now

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.0%
CVE-2022-38826 CRITICAL POC Act Now

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-38823 CRITICAL POC Act Now

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-26959 CRITICAL POC Act Now

There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Northstar Club Management
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-38843 HIGH POC This Week

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Espocrm
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-38808 HIGH POC This Week

ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ywoa
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-1194 HIGH POC This Week

The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Mobile Events Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-38844 HIGH POC This Week

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Espocrm
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2022-2798 HIGH POC This Week

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Affiliates Manager
NVD WPScan
CVSS 3.1
8.0
EPSS
0.9%
CVE-2022-38611 HIGH POC This Week

Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Anti Virus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36027 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-3217 HIGH POC This Week

When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vbase
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-39063 HIGH POC This Week

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open5gs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-40152 HIGH POC PATCH THREAT This Week

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Xstream Woodstox
NVD GitHub
CVSS 3.1
7.5
EPSS
19.7%
CVE-2022-40151 HIGH POC PATCH This Week

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Xstream
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-38878 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38877 HIGH POC This Week

Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-35195 HIGH POC This Week

TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Testlink
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-35193 HIGH POC This Week

TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Testlink
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-38833 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38832 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-34002 MEDIUM POC This Month

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pds Vista 7
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-37775 MEDIUM POC This Month

Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pureconnect
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-38845 MEDIUM POC This Month

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-3223 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2669 MEDIUM POC This Month

The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Taxonomy Import
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2655 MEDIUM POC This Month

The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Classified Listing
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2654 MEDIUM POC This Month

The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Classified Listing Classified Listing Store Membership Classima +1
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38846 MEDIUM POC This Month

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Espocrm
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-40300 CRITICAL PATCH Act Now

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho SQLi Manageengine Access Manager Plus Manageengine Pam360 Manageengine Password Manager Pro
NVD
CVSS 3.1
9.8
EPSS
99.3%
CVE-2022-35939 CRITICAL PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-3214 CRITICAL Act Now

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-39009 CRITICAL Act Now

The WLAN module has a vulnerability in permission verification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-39007 CRITICAL Act Now

The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-39002 CRITICAL Act Now

Double free vulnerability in the storage module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-39000 CRITICAL Act Now

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-38999 CRITICAL Act Now

The AOD module has the improper update of reference count vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-25708 CRITICAL Act Now

Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 8 Gen1 5g Firmware Sd888 5G Firmware Sm7450 Firmware +14
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-25688 CRITICAL Act Now

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +147
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-25686 CRITICAL Act Now

Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8017 Firmware Apq8053 Firmware Aqt1000 Firmware +104
NVD
CVSS 3.1
9.8
EPSS
0.3%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy