Skip to main content
CVE-2022-35156 CRITICAL POC Act Now

Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bus Pass Management System
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-40944 CRITICAL POC Act Now

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dairy Farm Shop Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-40341 HIGH POC This Week

mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Mojoportal
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-20775 HIGH POC KEV THREAT This Week

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cisco Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator Sd Wan Vedge Cloud +2
NVD GitHub
CVSS 3.1
7.8
EPSS
12.5%
CVE-2022-40277 HIGH POC This Week

Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Joplin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-40274 HIGH POC This Week

Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Gridea
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3371 HIGH POC PATCH This Week

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24373 HIGH POC PATCH This Week

The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service React Native Reanimated
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-21222 HIGH POC PATCH This Week

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Css What
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-41440 HIGH POC This Week

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing System Project
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41439 HIGH POC This Week

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing System Project
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41437 HIGH POC This Week

Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Billing System Project
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-35155 MEDIUM POC This Month

Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bus Pass Management System
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
2.6%
CVE-2022-1959 MEDIUM POC This Month

AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Applock
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2022-40923 MEDIUM POC This Month

A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lief
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-37461 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Medical Vitrea View
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-40943 CRITICAL Act Now

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Dairy Farm Shop Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40315 CRITICAL PATCH Act Now

A limited SQL injection risk was identified in the "browse list of users" site administration page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40314 CRITICAL PATCH Act Now

A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Moodle
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-2778 CRITICAL PATCH Act Now

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Octopus Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-41847 MEDIUM POC This Month

An issue was discovered in Bento4 1.6.0-639. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-41846 MEDIUM POC This Month

An issue was discovered in Bento4 1.6.0-639. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-41845 MEDIUM POC This Month

An issue was discovered in Bento4 1.6.0-639. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-41844 MEDIUM POC PATCH This Month

An issue was discovered in Xpdf 4.04. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-41843 MEDIUM POC This Month

An issue was discovered in Xpdf 4.04. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-41842 MEDIUM POC PATCH This Month

An issue was discovered in Xpdf 4.04. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-41841 MEDIUM POC This Month

An issue was discovered in Bento4 through 1.6.0-639. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2922 MEDIUM POC PATCH This Month

Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Dotnetnuke
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2022-40756 HIGH This Week

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Psql Zen
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-36961 HIGH This Week

A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SQLi Privilege Escalation Orion Platform
NVD
CVSS 3.1
8.8
EPSS
75.2%
CVE-2022-39268 HIGH PATCH This Week

CSRF Orchest
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-20818 HIGH This Week

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Sd Wan Vbond Orchestrator Sd Wan Vmanage Sd Wan Vsmart Controller +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41975 HIGH This Week

RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Vnc Server Vnc Viewer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20919 HIGH This Week

A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-20856 HIGH This Week

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-20848 HIGH This Week

A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-20847 HIGH This Week

A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2529 HIGH PATCH This Week

sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Goflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-20851 HIGH This Week

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-41870 HIGH This Week

AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Innovaphone Firmware
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-34429 HIGH This Week

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Path Traversal Hybrid Client
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-20850 HIGH This Week

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Path Traversal Sd Wan Vbond Orchestrator Sd Wan Vmanage +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-40313 HIGH PATCH This Week

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-20662 MEDIUM This Month

A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Duo
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-20930 MEDIUM This Month

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator Sd Wan Vmanage +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20855 MEDIUM This Month

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-20945 MEDIUM This Month

A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Buffer Overflow Catalyst 9800 L Firmware Catalyst 9800 40 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-20810 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-20769 MEDIUM This Month

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Cisco Denial Of Service Buffer Overflow Wireless Lan Controller Software
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-36965 MEDIUM This Month

Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Solarwinds Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy