Skip to main content
CVE-2022-3218 CRITICAL POC PATCH THREAT Act Now

Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Wifi Mouse Server
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
73.5%
CVE-2022-35914 CRITICAL POC KEV PATCH THREAT Act Now

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection PHP Glpi
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.6%
CVE-2022-38509 CRITICAL POC Act Now

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Planner
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40432 CRITICAL POC Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Strings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40431 CRITICAL POC Act Now

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40430 CRITICAL POC Act Now

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40429 CRITICAL POC Act Now

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Ip Addresses
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40428 CRITICAL POC Act Now

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Mpeg
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40426 CRITICAL POC Act Now

The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Asns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40425 CRITICAL POC Act Now

The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Html
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38887 CRITICAL POC Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38886 CRITICAL POC Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38885 CRITICAL POC Act Now

The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Netstrings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38884 CRITICAL POC Act Now

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Grammars
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38883 CRITICAL POC Act Now

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Math
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38882 CRITICAL POC Act Now

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38881 CRITICAL POC Act Now

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-37203 CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40811 CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40808 CRITICAL POC Act Now

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Dates
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40807 CRITICAL POC Act Now

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Domains
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40806 CRITICAL POC Act Now

The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Uuids
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40805 CRITICAL POC Act Now

The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40427 CRITICAL POC Act Now

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Domains
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40424 CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38880 CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2840 CRITICAL POC Act Now

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Zephyr Project Manager
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
9.7%
CVE-2022-2754 CRITICAL POC THREAT Act Now

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Ketchup Restaurant Reservations
NVD WPScan
CVSS 3.1
9.8
EPSS
37.7%
CVE-2022-38545 CRITICAL POC PATCH THREAT Act Now

Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Valine
NVD GitHub
CVSS 3.1
9.6
EPSS
32.9%
CVE-2022-38577 HIGH POC This Week

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Processmaker
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-37032 CRITICAL POC PATCH Act Now

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Frrouting Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2022-38617 HIGH POC This Week

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smartvista
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-38351 HIGH POC This Week

A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Biostar 2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3142 HIGH POC THREAT This Week

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Nex Forms
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
10.4%
CVE-2022-3141 HIGH POC This Week

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Translatepress
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
3.9%
CVE-2022-2958 HIGH POC This Week

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Badgos
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-37700 HIGH POC This Week

Zentao Demo15 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zentao
NVD VulDB
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-38532 HIGH POC This Week

Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Center
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-28204 HIGH POC This Week

A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Mediawiki
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-28203 HIGH POC This Week

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-40468 HIGH POC This Week

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tinyproxy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-40076 HIGH POC This Week

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40075 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40074 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40073 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40072 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerManagement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40071 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40070 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40069 HIGH POC This Week

]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40068 HIGH POC This Week

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy