Skip to main content
CVE-2022-41352 CRITICAL POC KEV PATCH THREAT Act Now

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Ubuntu Red Hat Path Traversal Zimbra Collaboration Suite
NVD
CVSS 3.1
9.8
EPSS
95.5%
CVE-2022-40050 CRITICAL POC Act Now

ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zfile
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-30004 CRITICAL POC Act Now

Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Market Place Site
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-40485 CRITICAL POC Act Now

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Planner
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40484 CRITICAL POC Act Now

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Planner
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40483 CRITICAL POC Act Now

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Planner
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-39243 CRITICAL POC PATCH Act Now

NuProcess is an external process execution implementation for Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Nuprocess
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21797 CRITICAL POC PATCH Act Now

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Joblib Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-40043 HIGH POC PATCH This Week

Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Centreon
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3038 HIGH POC KEV THREAT This Week

Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
24.7%
CVE-2022-40404 HIGH POC This Week

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-40402 HIGH POC This Week

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36159 HIGH POC PATCH This Week

Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Fxa3000 Firmware Fxa3020 Firmware Fxa3200 Firmware Fxa2000 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-36158 HIGH POC PATCH This Week

Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Fxa3000 Firmware Fxa3020 Firmware Fxa3200 Firmware Fxa2000 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.5%
CVE-2022-41347 HIGH POC PATCH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Nginx Information Disclosure Collaboration
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3298 HIGH POC PATCH This Week

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-3290 HIGH POC PATCH This Week

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3272 HIGH POC PATCH This Week

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-3295 HIGH POC PATCH This Week

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-3119 HIGH POC This Week

The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass CSRF WordPress Oauth Client Single Sign On
NVD WPScan
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-2987 HIGH POC This Week

The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings (which are hooked to the init action),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Ldap Wp Login Active Directory Integration
NVD WPScan
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-40099 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40098 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40097 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40928 HIGH POC This Week

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40927 HIGH POC This Week

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40926 HIGH POC This Week

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40925 HIGH POC This Week

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoo Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40924 HIGH POC This Week

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoo Management System
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-40403 HIGH POC This Week

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Planner
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-3076 HIGH POC This Week

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Cm Download Manager
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-2903 HIGH POC This Week

The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP Ninja Forms
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-2352 HIGH POC This Week

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Post Smtp
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-38553 MEDIUM POC This Month

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Academy Learning Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.3%
CVE-2022-2856 MEDIUM POC KEV PATCH THREAT This Month

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
4.5%
CVE-2022-39219 MEDIUM POC PATCH This Month

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bifrost
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-3299 MEDIUM POC PATCH This Month

A vulnerability was found in Open5GS up to 2.4.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-38970 MEDIUM POC This Month

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ig20 Firmware Realserver
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-3062 MEDIUM POC THREAT This Month

The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple File List
NVD WPScan
CVSS 3.1
6.1
EPSS
44.1%
CVE-2022-2404 MEDIUM POC This Month

The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Popup Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-21169 MEDIUM POC PATCH This Month

The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Prototype Pollution Express Xss Sanitizer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-28722 CRITICAL Act Now

Certain HP Print Products are potentially vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow P4C78A Firmware P4C85A Firmware T3P03A Firmware +96
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28721 CRITICAL Act Now

Certain HP Print Products are potentially vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP RCE M2U86A Firmware M2U86B Firmware M2U86C Firmware +297
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-3075 CRITICAL KEV THREAT Act Now

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
9.6
EPSS
5.7%
CVE-2022-30003 MEDIUM POC This Month

Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Market Place Site
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40044 MEDIUM POC PATCH This Month

Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-3025 MEDIUM POC This Month

The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Bitcoin Altcoin Faucet
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-3024 MEDIUM POC This Month

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Simple Bitcoin Faucets
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-1755 MEDIUM POC This Month

The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Svg Support
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1613 MEDIUM POC This Month

The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Restricted Site Access
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy