Skip to main content
CVE-2022-43286 CRITICAL POC PATCH Act Now

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Nginx Use After Free Njs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43168 CRITICAL POC Act Now

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39366 CRITICAL POC PATCH Act Now

DataHub is an open-source metadata platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Datahub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-3741 CRITICAL POC PATCH Act Now

Impact varies for each individual vulnerability in the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Chatwoot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-31678 CRITICAL POC Act Now

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE VMware Cloud Foundation Nsx Data Center
NVD
CVSS 3.1
9.1
EPSS
8.1%
CVE-2022-3733 HIGH POC This Week

A vulnerability was found in SourceCodester Web-Based Student Clearance System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Web Based Student Clearance System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-43281 HIGH POC This Week

wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Wasm
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-43285 HIGH POC This Week

Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Nginx Buffer Overflow Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-43284 HIGH POC This Week

Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-43233 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43232 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43231 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-43230 HIGH POC This Week

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Cold Storage Managment System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43229 HIGH POC This Week

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Cold Storage Managment System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-43228 HIGH POC This Week

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Barangay Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43276 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43275 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-43282 HIGH POC This Week

wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Wabt
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-43280 HIGH POC This Week

wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Wabt
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-39367 MEDIUM POC PATCH This Month

QTIWorks is a software suite for standards-based assessment delivery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Qtiworks
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-2826 CRITICAL Act Now

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37621 CRITICAL PATCH Act Now

Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Browserify Shim
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-37425 CRITICAL Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Opennebula
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-3320 CRITICAL Act Now

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Warp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-3735 CRITICAL Act Now

A vulnerability was found in seccome Ehoney. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ehoney
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-3734 CRITICAL Act Now

A vulnerability was found in a port or fork of Redis. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Redis
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-3732 CRITICAL Act Now

A vulnerability was found in seccome Ehoney and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ehoney
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-3731 CRITICAL Act Now

A vulnerability has been found in seccome Ehoney and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ehoney
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-3730 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in seccome Ehoney. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ehoney
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-3729 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in seccome Ehoney. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ehoney
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-37915 CRITICAL Act Now

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Command Injection Aruba Edgeconnect Enterprise Orchestrator
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-37914 CRITICAL Act Now

Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Aruba Edgeconnect Enterprise Orchestrator
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-37913 CRITICAL Act Now

Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Aruba Edgeconnect Enterprise Orchestrator
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-33859 CRITICAL Act Now

A security vulnerability was discovered in the Eaton Foreseer EPMS software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Foreseer Electrical Power Monitoring System
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-3708 CRITICAL PATCH Act Now

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Web Stories
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.9%
CVE-2022-43283 MEDIUM POC This Month

wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wabt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43170 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43169 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43167 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43166 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43165 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43164 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-41648 CRITICAL Act Now

The HEIDENHAIN Controller TNC 640 NC software Version 340590 07 SP5, is vulnerable to improper authentication in its DNC communication for CNC machines. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Information Disclosure Tnc 640 Programming Station Heros
NVD
CVSS 4.0
9.2
EPSS
0.7%
CVE-2022-3401 HIGH This Week

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Bricks
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-2475 HIGH This Week

Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Haas Controller Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2864 HIGH PATCH This Week

The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress PHP Demon Image Annotation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3512 HIGH This Week

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Warp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-3337 HIGH This Week

It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Warp Mobile Client
NVD GitHub
CVSS 3.1
8.5
EPSS
0.4%
CVE-2022-3321 HIGH This Week

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Warp Mobile Client
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-2474 HIGH This Week

Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Haas Controller Firmware
NVD
CVSS 3.1
8.0
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy