Skip to main content
CVE-2022-43226 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-43068 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43066 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43227 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41551 HIGH POC This Week

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-39356 HIGH PATCH This Week

Discourse is a platform for community discussion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-26122 HIGH PATCH This Week

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Authentication Bypass Antivirus Engine Fortimail Fortios
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2022-30307 HIGH PATCH This Week

A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-33870 HIGH PATCH This Week

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Fortitester
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-26119 HIGH PATCH This Week

A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Fortinet Authentication Bypass Fortisiem
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3181 HIGH PATCH This Week

An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Vtscada
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41716 HIGH PATCH This Week

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-35842 HIGH PATCH This Week

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-43995 HIGH PATCH This Week

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Sudo
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy