Skip to main content
CVE-2022-33880 CRITICAL POC Act Now

hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System Mini Project
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-40887 CRITICAL POC Act Now

SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Best Student Result Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-29503 CRITICAL POC Act Now

A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Uclibc Uclibc Ng Eufy Homebase 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40475 CRITICAL POC Act Now

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A860R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-40407 HIGH POC This Week

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Chamilo
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-40472 HIGH POC This Week

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Zkbio Time
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2022-40126 HIGH POC This Week

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Path Traversal Clash
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3352 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0614. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38222 HIGH POC This Week

There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Xpdf
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-40048 HIGH POC This Week

Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Flatpress
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-3364 HIGH POC PATCH This Week

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-40890 HIGH POC This Week

A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40279 HIGH POC This Week

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Denial Of Service Tizenrt
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-40278 HIGH POC This Week

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Samsung Denial Of Service Use After Free Tizenrt
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-1718 HIGH POC PATCH This Week

The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Trudesk
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39173 HIGH POC This Week

In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Wolfssl
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2022-40879 MEDIUM POC This Month

kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-40931 MEDIUM POC PATCH This Month

dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Transfer Sh
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39266 CRITICAL PATCH Act Now

isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Isolated Vm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-40363 MEDIUM POC This Month

A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Flipper Zero Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1725 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim macOS
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-35137 MEDIUM POC This Month

DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dgiot
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40408 MEDIUM POC This Month

FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Feehicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-3355 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Inventree
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1719 MEDIUM POC PATCH This Month

Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trudesk
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-3326 MEDIUM POC PATCH This Month

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Rdiffweb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-41828 HIGH PATCH This Week

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Amazon Web Services Redshift Java Database Connectivity Driver
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2022-39168 HIGH PATCH This Week

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak Robotic Process Automation For Services
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39252 HIGH PATCH This Week

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Matrix Rust Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38732 HIGH This Week

SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Snapcenter
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39250 HIGH PATCH This Week

Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Javascript Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-36066 HIGH PATCH This Week

Discourse is an open source discussion platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Discourse
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2022-39254 MEDIUM PATCH This Month

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Python Matrix Nio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-35888 MEDIUM This Month

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ampere Altra Max Firmware Ampere Altra Firmware Ampereone Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-39232 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-39226 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-36068 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy