Skip to main content
CVE-2022-42064 CRITICAL POC Act Now

Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Diagnostic Lab Management System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-3504 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sanitization Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-37602 CRITICAL POC Act Now

Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Grunt Karma
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-41436 CRITICAL POC Act Now

An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tp50 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-41477 CRITICAL POC Act Now

A security issue was discovered in WeBid <=1.2.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Webid
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-32177 CRITICAL POC Act Now

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gin Vue Admin
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2022-42234 HIGH POC This Week

There is a file inclusion vulnerability in the template management module in UCMS 1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Ucms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42070 HIGH POC This Week

Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Online Birth Certificate Management System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-41539 HIGH POC This Week

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-41538 HIGH POC This Week

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-41674 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel before 5.19.16. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow Linux Kernel Fedora +1
NVD
CVSS 3.1
8.1
EPSS
3.8%
CVE-2022-42720 HIGH POC PATCH This Week

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Code Injection Use After Free Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-2963 HIGH POC PATCH This Week

A vulnerability found in jasper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jasper Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-37603 HIGH POC PATCH This Week

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Loader Utils
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-2880 HIGH POC PATCH This Week

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Request Smuggling Go
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-41416 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-42232 HIGH POC This Week

Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Cold Storage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-3495 HIGH POC This Week

A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Online Public Access Catalog
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2022-41536 HIGH POC This Week

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41535 HIGH POC This Week

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-2850 MEDIUM POC This Month

A flaw was found In 389-ds-base. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Directory Server Enterprise Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-35059 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35058 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35056 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35055 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35054 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35053 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35052 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35051 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35050 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35049 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35048 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35047 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35046 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35045 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35044 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35043 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35042 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35041 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35040 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-42071 MEDIUM POC This Month

Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Birth Certificate Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-42066 MEDIUM POC This Month

Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Examination System
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-38418 CRITICAL PATCH Act Now

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Adobe Coldfusion
NVD
CVSS 3.1
9.8
EPSS
80.0%
CVE-2022-35712 CRITICAL PATCH Act Now

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Heap Overflow Adobe Buffer Overflow Coldfusion
NVD
CVSS 3.1
9.8
EPSS
36.8%
CVE-2022-35711 CRITICAL PATCH Act Now

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Heap Overflow Adobe Buffer Overflow Coldfusion
NVD
CVSS 3.1
9.8
EPSS
73.5%
CVE-2022-35710 CRITICAL PATCH Act Now

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Adobe Stack Overflow Buffer Overflow Coldfusion
NVD
CVSS 3.1
9.8
EPSS
42.6%
CVE-2022-35690 CRITICAL PATCH Act Now

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Adobe Stack Overflow Buffer Overflow Coldfusion
NVD
CVSS 3.1
9.8
EPSS
72.2%
CVE-2022-41580 CRITICAL Act Now

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-41578 CRITICAL Act Now

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-38983 CRITICAL Act Now

The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.6%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy