Skip to main content
CVE-2022-36635 HIGH POC THREAT Act Now

ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.6%.

SQLi Zkbiosecurity V5000
NVD VulDB
CVSS 3.1
8.8
EPSS
16.6%
CVE-2022-42075 CRITICAL POC Act Now

Wedding Planner v1.0 is vulnerable to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Wedding Planner
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-40872 CRITICAL POC Act Now

An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple E Learning System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40835 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40834 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40833 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40832 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40831 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40830 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40829 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40828 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40827 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40826 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40825 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40824 CRITICAL POC Act Now

B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-3414 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Web-Based Student Clearance System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Web Based Student Clearance System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-31680 CRITICAL POC THREAT Act Now

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization VMware Vcenter Server
NVD
CVSS 3.1
9.1
EPSS
33.1%
CVE-2022-36634 HIGH POC This Week

An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zkbiosecurity V5000
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-33896 HIGH POC This Week

A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Buffer Overflow RCE Hancom Office 2020
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-39289 HIGH POC PATCH This Week

ZoneMinder is a free, open source Closed-circuit television software application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Zoneminder
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3422 HIGH POC PATCH This Week

Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Tooljet
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42074 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-42073 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41379 HIGH POC This Week

An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-41378 HIGH POC This Week

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Pet Shop We App
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41377 HIGH POC This Week

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Pet Shop We App
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-42092 HIGH POC This Week

Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Backdrop Cms
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-41515 HIGH POC This Week

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41514 HIGH POC This Week

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41513 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41512 HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-39290 MEDIUM POC PATCH This Month

ZoneMinder is a free, open source Closed-circuit television software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass CSRF Zoneminder
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
5.4%
CVE-2022-3423 MEDIUM POC PATCH This Month

Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Nocodb
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-41442 MEDIUM POC PATCH This Month

PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Picuploader
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-3275 CRITICAL Act Now

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Puppetlabs Mysql Fedora
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-37891 CRITICAL Act Now

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Buffer Overflow Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-37890 CRITICAL Act Now

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Buffer Overflow Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-37889 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow Arubaos Instant +1
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-37887 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow Arubaos Instant +1
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-37886 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow Arubaos Instant +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-37885 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow Arubaos Instant +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-39862 CRITICAL Act Now

Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Dynamic Lockscreen
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-39291 MEDIUM POC PATCH This Month

ZoneMinder is a free, open source Closed-circuit television software application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection PHP Zoneminder
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
5.1%
CVE-2022-39285 MEDIUM POC PATCH This Month

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Zoneminder
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.7%
CVE-2022-41392 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Total Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-3276 HIGH This Week

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Puppetlabs Mysql
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-22493 HIGH PATCH This Week

IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-41672 HIGH PATCH This Week

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-39959 HIGH This Week

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Everest Engine
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-26472 HIGH This Week

In ims, there is a possible escalation of privilege due to a parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy