Skip to main content
CVE-2022-35408 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-3256 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0530. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-34026 HIGH POC This Week

ICEcoder v8.1 allows attackers to execute a directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Icecoder
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-40935 HIGH POC This Week

Online Pet Shop We App v1.0 is vulnerable to SQL Injection via /pet_shop/classes/Master.php?f=delete_category,id. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pet Shop Web Application
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40934 HIGH POC This Week

Online Pet Shop We App v1.0 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_sub_category,id. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pet Shop Web Application
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40933 HIGH POC This Week

Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_order,id. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pet Shop Web Application
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40932 HIGH POC This Week

In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoo Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40447 HIGH POC This Week

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zzcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40446 HIGH POC This Week

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zzcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-37234 HIGH This Week

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-28981 HIGH PATCH This Week

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Liferay Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-40146 HIGH PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2022-1941 HIGH PATCH This Week

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Protobuf Cpp Protobuf Python Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-40705 HIGH This Week

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP.2 and later versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Soap
NVD
CVSS 3.1
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy