Skip to main content
CVE-2022-41604 HIGH POC This Week

Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Checkpoint Privilege Escalation Zonealarm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-40878 HIGH POC THREAT This Week

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Exam Reviewer Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
23.2%
CVE-2022-37209 HIGH POC This Week

JFinal CMS 5.1.0 is affected by: SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-31367 HIGH POC PATCH This Week

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Strapi
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-39258 HIGH POC PATCH This Week

mailcow is a mailserver suite. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mailcow
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-3324 HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38932 HIGH POC This Week

readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Toaruos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3323 HIGH POC THREAT This Week

An SQL injection vulnerability in Advantech iView 5.7.04.6469. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Iview
NVD
CVSS 3.1
7.5
EPSS
30.7%
CVE-2022-40354 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40353 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-40352 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-39256 HIGH PATCH This Week

Orckestra C1 CMS is a .NET based Web Content Management System. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization C1 Cms
NVD GitHub
CVSS 3.1
8.0
EPSS
1.2%
CVE-2022-34326 HIGH This Week

In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rtl8195Am Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-37193 HIGH This Week

Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Chipolo
NVD GitHub
CVSS 3.1
7.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy