Skip to main content
CVE-2022-2992 CRITICAL POC THREAT Emergency

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Gitlab
NVD GitHub
CVSS 3.1
9.9
EPSS
86.2%
CVE-2022-3569 HIGH POC Act Now

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zimbra Collaboration Suite
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-42149 CRITICAL POC Act Now

kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Kkfileview
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-0699 CRITICAL POC PATCH Act Now

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Shapelib
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42237 CRITICAL POC Act Now

A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42171 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42170 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42169 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42168 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42167 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42166 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42154 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload 74Cmsse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42165 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42164 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42163 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42980 CRITICAL POC Act Now

go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Go Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-32176 CRITICAL POC Act Now

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gin Vue Admin
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2022-42221 HIGH POC This Week

Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection R6220 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-42983 HIGH POC This Week

anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aj Report
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-41751 HIGH POC This Week

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Jhead Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3283 HIGH POC This Week

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-42143 HIGH POC This Week

Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-42142 HIGH POC This Week

Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3552 HIGH POC THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Boxbilling
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
44.0%
CVE-2022-41498 HIGH POC This Week

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-3549 HIGH POC This Week

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Cold Storage Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2022-3243 HIGH POC This Week

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Import All Pages Post Types Products Orders And Users As Xml Csv
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3150 HIGH POC This Week

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Custom Cursors
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-3131 HIGH POC This Week

The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Search Logger
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-28291 MEDIUM POC This Month

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nessus
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41471 MEDIUM POC This Month

74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 74Cmsse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-3082 MEDIUM POC This Month

The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Discord Integration
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-3149 MEDIUM POC This Month

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Wp Custom Cursors
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-40055 CRITICAL Act Now

An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Gpon Ont Titanium 2122A Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2884 CRITICAL POC THREAT Act Now

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Gitlab Command Injection
NVD Exploit-DB
CVSS 3.1
9.9
EPSS
75.7%
CVE-2022-3206 MEDIUM POC This Month

The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Passster
NVD WPScan
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-23770 CRITICAL Act Now

This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Smart Wing Cms
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-23769 CRITICAL Act Now

Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Reversewall Mds
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-22128 CRITICAL Act Now

Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Tableau Server
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-2052 CRITICAL Act Now

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Job Order Interface Oseon Trutops Boost +2
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-41431 MEDIUM POC This Month

xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xzs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41139 MEDIUM POC This Month

MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Caldera
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41472 MEDIUM POC This Month

74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-2834 MEDIUM POC This Month

The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Path Traversal Helpful
NVD WPScan
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-3158 HIGH This Week

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell SQLi RCE Factorytalk Vantagepoint
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2022-3368 HIGH This Week

A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Avira Security
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-38743 HIGH This Week

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell Authentication Bypass RCE Factorytalk Vantagepoint
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-42029 HIGH This Week

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Chamilo
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-23771 HIGH This Week

This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nas1Dual Firmware Nas2Dual Firmware Nas4Dual Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-3550 HIGH PATCH This Week

A vulnerability classified as critical was found in X.org Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow X Server Debian Linux Fedora
NVD VulDB
CVSS 3.1
8.8
EPSS
1.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy