Skip to main content
CVE-2022-44006 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Backclick
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-44004 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Backclick
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44003 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Backclick
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-44000 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backclick
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43999 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backclick
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43135 CRITICAL POC Act Now

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43262 CRITICAL POC Act Now

Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43256 CRITICAL POC Act Now

SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43234 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Hoosk
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-3980 CRITICAL POC PATCH Act Now

An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Sophos RCE SSRF XXE Mobile
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2022-4015 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Sports Club Management System 119. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sports Club Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-4012 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Hospital Management Center. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management Center
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-4011 CRITICAL POC Act Now

A vulnerability was found in Simple History Plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simple History
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44007 HIGH POC This Week

An issue was discovered in BACKCLICK Professional 5.9.63. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Fixation Backclick
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-4013 HIGH POC This Week

A vulnerability classified as problematic was found in Hospital Management Center. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Authentication Bypass Hospital Management Center
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-43264 HIGH POC This Week

Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Guitar Pro
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45047 CRITICAL PATCH Act Now

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java Apache Sshd
NVD VulDB
CVSS 3.1
9.8
EPSS
5.7%
CVE-2022-44008 MEDIUM POC This Month

An issue was discovered in BACKCLICK Professional 5.9.63. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tomcat Backclick
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43263 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Guitar Pro
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-40752 CRITICAL PATCH Act Now

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-2166 CRITICAL PATCH Act Now

Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mastodon
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44073 MEDIUM POC This Month

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44071 MEDIUM POC This Month

Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44070 MEDIUM POC This Month

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44069 MEDIUM POC This Month

Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44005 MEDIUM POC This Month

An issue was discovered in BACKCLICK Professional 5.9.63. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backclick
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-4021 HIGH PATCH This Week

The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Permalink Manager Lite
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-24036 HIGH This Week

Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Infraskope Siem
NVD VulDB
CVSS 3.1
8.6
EPSS
1.1%
CVE-2022-4018 MEDIUM POC PATCH This Month

Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Rdiffweb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-3920 HIGH PATCH This Week

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp HashiCorp Consul
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39383 MEDIUM PATCH This Month

KubeVela is an open source application delivery platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Kubevela
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-44002 MEDIUM This Month

An issue was discovered in BACKCLICK Professional 5.9.63. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Backclick
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-39318 MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Freerdp Fedora
NVD GitHub
CVSS 3.1
5.7
EPSS
1.0%
CVE-2022-39347 MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Freerdp Fedora
NVD GitHub
CVSS 3.1
5.7
EPSS
0.9%
CVE-2022-39316 MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
5.7
EPSS
1.0%
CVE-2022-4022 MEDIUM PATCH This Month

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Svg Support
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39319 MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
4.6
EPSS
0.7%
CVE-2022-39317 MEDIUM This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
4.6
EPSS
0.6%
CVE-2022-41877 MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
4.6
EPSS
0.7%
CVE-2022-39320 MEDIUM This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
4.6
EPSS
0.7%
CVE-2022-4014 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in FeehiCMS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Authentication Bypass Feehicms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-41917 MEDIUM PATCH This Month

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Java Elastic Opensearch
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41914 LOW PATCH Monitor

Zulip is an open-source team collaboration tool. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Zulip Server
NVD GitHub
CVSS 3.1
3.7
EPSS
0.5%
CVE-2022-34354 LOW PATCH Monitor

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure IBM Partner Engagement Manager
NVD
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy