Skip to main content
CVE-2022-42889 CRITICAL POC PATCH THREAT Act Now

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache Code Injection Commons Text Bluexp +1
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2022-41391 CRITICAL POC Act Now

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ocomon
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41390 CRITICAL POC Act Now

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ocomon
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41497 CRITICAL POC Act Now

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Clippercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41496 CRITICAL POC Act Now

iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Icms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41495 CRITICAL POC Act Now

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Clippercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42719 HIGH POC PATCH This Week

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-35135 HIGH POC This Week

Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iot Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42161 HIGH POC This Week

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Covr 1203 Firmware Covr 1202 Firmware Covr 1200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-42160 HIGH POC This Week

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Covr 1203 Firmware Covr 1202 Firmware Covr 1200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-42156 HIGH POC This Week

D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Covr 1203 Firmware Covr 1202 Firmware Covr 1200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-41475 HIGH POC This Week

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rpcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-37208 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-34020 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Iot Platform And Lorawan Network Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41489 HIGH POC This Week

WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lq 09 Firmware Lq 08 Firmware Lq 07 Firmware Lq 06 Firmware +2
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-40187 HIGH POC This Week

Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gc3 Launch Monitor Firmware Launch Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2022-42906 HIGH POC PATCH This Week

powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Powerline Gitstatus Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-34022 HIGH POC This Week

SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Iot Platform And Lorawan Network Server
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-41534 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-41533 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-35136 MEDIUM POC This Month

Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iot Platform
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-41474 MEDIUM POC This Month

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rpcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3473 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-3470 MEDIUM POC This Month

A vulnerability was found in SourceCodester Human Resource Management System. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-39295 MEDIUM POC This Month

Knowage is an open source suite for modern business analytics alternative over big data systems. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Knowage
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41473 MEDIUM POC This Month

RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-39303 CRITICAL PATCH Act Now

Ree6 is a moderation bot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Ree6
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3457 CRITICAL PATCH Act Now

Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-3456 CRITICAL PATCH Act Now

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-39293 CRITICAL PATCH Act Now

Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Microsoft Buffer Overflow Threadx Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-24697 CRITICAL PATCH Act Now

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Kylin
NVD
CVSS 3.1
9.8
EPSS
84.8%
CVE-2022-42897 CRITICAL PATCH Act Now

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Privilege Escalation Arrayos Ag
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-38902 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dxp Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-35081 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35080 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35612 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mqttroute
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35134 MEDIUM POC This Month

Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Iot Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-34021 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Iot Platform And Lorawan Network Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-3472 MEDIUM POC This Month

A vulnerability was found in SourceCodester Human Resource Management System. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-3471 MEDIUM POC This Month

A vulnerability was found in SourceCodester Human Resource Management System. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-3492 HIGH This Week

A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Human Resource Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-42902 HIGH PATCH This Week

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Lava Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-35611 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mqttroute
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-42159 MEDIUM POC This Month

D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Covr 1203 Firmware Covr 1202 Firmware Covr 1200 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-39300 HIGH PATCH This Week

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Jwt Attack Node Saml
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-31123 HIGH PATCH This Week

Grafana is an open source observability and data visualization platform. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Grafana Jwt Attack E Series Performance Analyzer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-42901 HIGH This Week

Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Microstation View
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42900 HIGH This Week

Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Microstation View
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42899 HIGH This Week

Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Microstation View
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-39278 HIGH This Week

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Istio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy