Skip to main content
CVE-2022-43571 HIGH POC THREAT Act Now

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Splunk Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
14.3%
CVE-2022-42744 CRITICAL POC Act Now

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Candidats
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43109 CRITICAL POC Act Now

D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-43108 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43107 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43106 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43105 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43104 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43103 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43102 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43101 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39382 CRITICAL POC PATCH Act Now

Keystone is a headless CMS for Node.js - built with GraphQL and React.`@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Keystone
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-38168 CRITICAL POC Act Now

Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Scopia Pathfinder 10 Pts Firmware Scopia Pathfinder 20 Pts Firmware
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-42751 HIGH POC This Week

CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Candidats
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-42750 HIGH POC This Week

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Candidats
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-44638 HIGH POC This Week

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Pixman Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-42745 HIGH POC This Week

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Candidats
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-43063 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Users.php?f=delete_client. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43062 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_appointment. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43061 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-42749 MEDIUM POC This Month

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42748 MEDIUM POC This Month

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42747 MEDIUM POC This Month

CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42746 MEDIUM POC This Month

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42753 MEDIUM POC This Month

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Salonerp
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-22425 CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Code Injection Infosphere Information Server
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-39323 CRITICAL Act Now

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
34.3%
CVE-2022-41710 MEDIUM POC This Month

Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Markdownify
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-40276 MEDIUM POC This Month

Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zettlr
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-41435 MEDIUM POC PATCH This Month

OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Luci
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-42743 MEDIUM POC This Month

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Deep Parse Json
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-41714 MEDIUM POC This Month

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Fastest Json Copy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-41713 MEDIUM POC PATCH This Month

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Deep Object Diff
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-39276 MEDIUM POC This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-40747 CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Infosphere Information Server
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-3776 HIGH This Week

The Restaurant Menu - Food Ordering System - Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Restaurant Menu Food Ordering System Table Reservation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3852 HIGH PATCH This Week

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Vr Calendar
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-43561 MEDIUM POC This Month

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-30608 HIGH PATCH This Week

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-25952 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Content Egg
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-3258 HIGH This Week

Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Workforce Access
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-43372 MEDIUM POC This Month

Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Emlog
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-39277 MEDIUM POC This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-39262 MEDIUM POC This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-39234 HIGH This Week

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-35717 HIGH PATCH This Week

"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Infosphere Information Server
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-43574 HIGH PATCH This Week

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

IBM Privilege Escalation Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-43495 HIGH This Week

OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-44624 HIGH This Week

In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44623 HIGH This Week

In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy