Skip to main content
CVE-2022-3878 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Maxon ERP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Maxon
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3481 CRITICAL POC Act Now

The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Woocommerce Dropshipping
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-3463 CRITICAL POC Act Now

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Contact Form
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44797 CRITICAL POC PATCH Act Now

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Btcd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43318 HIGH POC This Week

Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-3537 HIGH POC This Week

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Role Based Pricing For Woocommerce
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3536 HIGH POC This Week

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Deserialization Role Based Pricing For Woocommerce
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3494 HIGH POC This Week

The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Complianz
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-3558 HIGH POC PATCH This Week

The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure WordPress Import And Export Users And Customers
NVD WPScan
CVSS 3.1
8.0
EPSS
1.0%
CVE-2022-43359 HIGH POC This Week

Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Gifdec
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-43319 HIGH POC This Week

An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Simple E Learning System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-43049 HIGH POC This Week

Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43052 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43051 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43050 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-42990 HIGH POC This Week

Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Food Ordering Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43352 HIGH POC This Week

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sanitization Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43350 HIGH POC This Week

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sanitization Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-3418 HIGH POC This Week

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Code Injection Wp All Import
NVD WPScan VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-2711 HIGH POC This Week

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Wp All Import
NVD WPScan
CVSS 3.1
7.2
EPSS
3.2%
CVE-2022-43351 MEDIUM POC This Month

Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Sanitization Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-44793 MEDIUM POC THREAT This Month

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp Debian Linux H300s Firmware +3
NVD GitHub
CVSS 3.1
6.5
EPSS
53.5%
CVE-2022-44792 MEDIUM POC THREAT This Month

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp Debian Linux H300s Firmware +3
NVD GitHub
CVSS 3.1
6.5
EPSS
52.1%
CVE-2022-43317 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Human Resource Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3873 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-44054 CRITICAL Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44053 CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Networking
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44052 CRITICAL Act Now

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Dates
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44051 CRITICAL Act Now

The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Stats
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44050 CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Networking
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44049 CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44048 CRITICAL Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43305 CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43304 CRITICAL Act Now

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Timer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43303 CRITICAL Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Strings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-42920 CRITICAL PATCH Act Now

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apache Buffer Overflow Commons Bcel Fedora
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-44796 CRITICAL Act Now

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ootbi
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3489 MEDIUM POC This Month

The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Hide
NVD WPScan VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-37865 CRITICAL PATCH Act Now

With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apache Ivy
NVD
CVSS 3.1
9.1
EPSS
1.8%
CVE-2022-42905 CRITICAL Act Now

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Wolfssl
NVD GitHub
CVSS 3.1
9.1
EPSS
2.0%
CVE-2022-43046 MEDIUM POC This Month

Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Food Ordering Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-43306 HIGH This Week

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Timer
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-3462 MEDIUM POC This Month

The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Highlight Focus
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-44794 HIGH This Week

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Ootbi
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-3872 HIGH PATCH This Week

An off-by-one read/write issue was found in the SDHCI device of QEMU. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2022-3451 MEDIUM POC This Month

The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Product Stock Manager
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-2387 MEDIUM POC This Month

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Easy Digital Downloads
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-44747 HIGH This Week

Local privilege escalation due to improper soft link handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Home Office
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-44733 HIGH This Week

Local privilege escalation due to insecure folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Home Office
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-44732 HIGH This Week

Local privilege escalation due to insecure folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Home Office
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy