Skip to main content
CVE-2022-3733 HIGH POC This Week

A vulnerability was found in SourceCodester Web-Based Student Clearance System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Web Based Student Clearance System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-43281 HIGH POC This Week

wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Wasm
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-43285 HIGH POC This Week

Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Nginx Buffer Overflow Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-43284 HIGH POC This Week

Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-43233 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43232 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43231 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-43230 HIGH POC This Week

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Cold Storage Managment System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43229 HIGH POC This Week

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Cold Storage Managment System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-43228 HIGH POC This Week

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Barangay Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43276 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43275 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-43282 HIGH POC This Week

wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Wabt
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-43280 HIGH POC This Week

wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Wabt
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-3401 HIGH This Week

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Bricks
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-2475 HIGH This Week

Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Haas Controller Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2864 HIGH PATCH This Week

The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress PHP Demon Image Annotation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3512 HIGH This Week

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Warp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-3337 HIGH This Week

It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Warp Mobile Client
NVD GitHub
CVSS 3.1
8.5
EPSS
0.4%
CVE-2022-3321 HIGH This Week

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Warp Mobile Client
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-2474 HIGH This Week

Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Haas Controller Firmware
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2021-36898 HIGH This Week

Auth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Quiz And Survey Master
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41636 HIGH This Week

Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haas Controller
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-3697 HIGH PATCH This Week

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Ansible Collection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-37426 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Opennebula
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-3322 HIGH This Week

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Warp Mobile Client
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-3616 HIGH PATCH This Week

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy