Skip to main content
CVE-2022-40877 CRITICAL POC Act Now

Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Exam Reviewer Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-41604 HIGH POC This Week

Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Checkpoint Privilege Escalation Zonealarm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-40878 HIGH POC THREAT This Week

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Exam Reviewer Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
23.2%
CVE-2022-37209 HIGH POC This Week

JFinal CMS 5.1.0 is affected by: SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-31367 HIGH POC PATCH This Week

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Strapi
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-39258 HIGH POC PATCH This Week

mailcow is a mailserver suite. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mailcow
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-3324 HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38932 HIGH POC This Week

readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Toaruos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3323 HIGH POC THREAT This Week

An SQL injection vulnerability in Advantech iView 5.7.04.6469. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Iview
NVD
CVSS 3.1
7.5
EPSS
30.7%
CVE-2022-40354 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40353 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40352 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41571 CRITICAL Act Now

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eyesofnetwork
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41570 CRITICAL Act Now

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Eyesofnetwork
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-37346 CRITICAL PATCH Act Now

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Product Image Bulk Upload
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38335 MEDIUM POC This Month

Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vtiger Crm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-3303 MEDIUM POC This Month

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Linux Denial Of Service Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-39256 HIGH PATCH This Week

Orckestra C1 CMS is a .NET based Web Content Management System. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization C1 Cms
NVD GitHub
CVSS 3.1
8.0
EPSS
1.2%
CVE-2022-34326 HIGH This Week

In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rtl8195Am Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-37193 HIGH This Week

Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Chipolo
NVD GitHub
CVSS 3.1
7.4
EPSS
0.6%
CVE-2022-23006 MEDIUM This Month

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read. Rated medium severity (CVSS 6.7). No vendor patch available.

RCE Stack Overflow Buffer Overflow My Cloud Home Firmware My Cloud Home Duo Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-40816 MEDIUM This Month

Zammad 5.2.1 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-38975 MEDIUM PATCH This Month

DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ec Cube
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-37028 MEDIUM This Month

ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Isams
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-39835 MEDIUM This Month

An issue was discovered in Gajim through 1.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gajim
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-40817 MEDIUM This Month

Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-40199 LOW PATCH Monitor

Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ec Cube
NVD
CVSS 3.1
2.7
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy