Skip to main content
CVE-2022-21587 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
9.8
EPSS
98.3%
CVE-2022-40684 CRITICAL POC KEV THREAT Emergency

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Fortinet Authentication Bypass Fortiproxy Fortiswitchmanager Fortios
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2022-43260 CRITICAL POC Act Now

Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41544 CRITICAL POC Act Now

GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Getsimple Cms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
9.4%
CVE-2022-40889 CRITICAL POC Act Now

Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Phpok
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-3583 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Canteen Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3579 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Cashier Queuing System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cashier Queuing System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-41500 HIGH POC This Week

EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-3584 HIGH POC This Week

A vulnerability was found in SourceCodester Canteen Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41541 HIGH POC This Week

TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Ax10 Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-3305 HIGH POC This Week

Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Feishu
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42188 HIGH POC This Week

In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lavalite
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-43259 HIGH POC This Week

Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41547 HIGH POC PATCH This Week

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP LFI Mobile Security Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-41479 HIGH POC This Week

The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Asp Net Web Forms Controls
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-22223 HIGH POC This Week

On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42218 HIGH POC This Week

Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41537 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-41504 HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Billing System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-22249 MEDIUM POC This Month

An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper XSS Denial Of Service Buffer Overflow Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-42202 MEDIUM POC This Month

TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link XSS Tl Wr841n Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-22242 MEDIUM POC This Month

A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper XSS Junos
NVD
CVSS 3.1
6.1
EPSS
2.5%
CVE-2022-41540 MEDIUM POC This Month

The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Ax10 Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2022-39428 CRITICAL PATCH Act Now

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Web Applications Desktop Integrator
NVD
CVSS 3.1
9.8
EPSS
36.5%
CVE-2022-39198 CRITICAL PATCH Act Now

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization RCE Dubbo
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-33874 CRITICAL Act Now

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortitester
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-33873 CRITICAL Act Now

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortitester
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-33872 CRITICAL Act Now

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortitester
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-35846 CRITICAL Act Now

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortitester
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-39056 CRITICAL Act Now

RAVA certificate validation system has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rava Certificate Validation System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-22241 CRITICAL Act Now

An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Deserialization Junos
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-3587 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Cold Storage Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-39427 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-21613 HIGH PATCH This Week

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Denial Of Service Enterprise Data Quality
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-22246 HIGH This Week

A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure PHP Junos
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-22239 HIGH This Week

An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Privilege Escalation Junos Os Evolved
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-22229 HIGH This Week

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper XSS Paragon Active Assurance Control Center
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2022-3585 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass CSRF Simple Cold Storage Management System
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-39426 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-39425 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2022-39424 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Oracle Code Injection Vm Virtualbox
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2022-39406 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Common Components
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-21612 HIGH PATCH This Week

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Enterprise Data Quality
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-31122 HIGH This Week

Wire is an encrypted communication and collaboration platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Wire Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-36438 HIGH This Week

AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Asusswitch System Control Interface
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22251 HIGH This Week

On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-21590 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Denial Of Service Bi Publisher
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2022-39422 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Oracle Privilege Escalation Vm Virtualbox
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-39412 HIGH PATCH This Week

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Oracle Access Manager
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-21634 HIGH PATCH This Week

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Java Graalvm
NVD
CVSS 3.1
7.5
EPSS
1.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy