Skip to main content
CVE-2022-40089 CRITICAL POC Act Now

A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP LFI Simple College Website
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-40087 CRITICAL POC Act Now

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Simple College Website
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-36934 CRITICAL POC Act Now

An integer overflow in WhatsApp could result in remote code execution in an established video call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Heap Overflow Buffer Overflow Whatsapp Whatsapp Business
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-3268 CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Minarca
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-35408 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-3256 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0530. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-34026 HIGH POC This Week

ICEcoder v8.1 allows attackers to execute a directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Icecoder
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-40935 HIGH POC This Week

Online Pet Shop We App v1.0 is vulnerable to SQL Injection via /pet_shop/classes/Master.php?f=delete_category,id. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pet Shop Web Application
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40934 HIGH POC This Week

Online Pet Shop We App v1.0 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_sub_category,id. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pet Shop Web Application
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40933 HIGH POC This Week

Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_order,id. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pet Shop Web Application
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40932 HIGH POC This Week

In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoo Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40447 HIGH POC This Week

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zzcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40446 HIGH POC This Week

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zzcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-35039 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e20a0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35038 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b064d. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35037 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6adb1e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35036 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e1fc8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35035 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b559f. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35034 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e7e3d. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35032 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35031 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35030 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35029 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35028 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35027 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35026 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35025 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35024 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35023 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /lib/x86_64-linux-gnu/libc.so.6+0xbb384. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35022 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35021 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a global buffer overflow via /release-x64/otfccdump+0x718693. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-40088 MEDIUM POC This Month

Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple College Website
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-23458 MEDIUM POC PATCH This Month

Toast UI Grid is a component to display and edit data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Toast Ui Grid
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-35894 MEDIUM POC This Month

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2022-35896 MEDIUM POC This Month

An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2022-31937 CRITICAL Act Now

Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Netgear Buffer Overflow Wnr2000V4 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40444 MEDIUM POC This Month

ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-40443 MEDIUM POC This Month

An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
5.3
EPSS
2.1%
CVE-2022-40186 CRITICAL PATCH Act Now

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-3267 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Rdiffweb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-37234 HIGH This Week

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-28981 HIGH PATCH This Week

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Liferay Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-3274 LOW POC PATCH Monitor

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Rdiffweb
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2022-40146 HIGH PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2022-1941 HIGH PATCH This Week

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Protobuf Cpp Protobuf Python Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-40705 HIGH This Week

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP.2 and later versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Soap
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-38512 MEDIUM PATCH This Month

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-28979 MEDIUM PATCH This Month

Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-28977 MEDIUM PATCH This Month

HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Digital Experience Platform Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-28980 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy