Skip to main content
CVE-2022-43781 CRITICAL POC PATCH THREAT Act Now

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Command Injection Bitbucket
NVD
CVSS 3.1
9.8
EPSS
98.1%
CVE-2022-44384 HIGH POC Act Now

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Rconfig
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.0%
CVE-2022-44001 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backclick
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-4051 CRITICAL POC Act Now

A vulnerability has been found in Hostel Searching Project and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hostel Searching Project
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-43138 CRITICAL POC PATCH Act Now

Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dolibarr Erp Crm
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42245 CRITICAL POC Act Now

Dreamer CMS 4.0.01 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dreamer Cms
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40881 CRITICAL POC THREAT Act Now

SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Solarview Compact Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
29.5%
CVE-2022-43183 HIGH POC PATCH This Week

XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Xxl Job
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-41920 HIGH POC PATCH This Week

Lancet is a general utility library for the go programming language. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Lancet
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42246 HIGH POC This Week

Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Duofox Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-43140 HIGH POC This Week

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Kkfileview
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-43179 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43163 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /clients/view_client.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43162 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-44403 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-44402 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-4052 HIGH POC This Week

A vulnerability was found in Student Attendance Management System and classified as critical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Attendance Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2022-43096 MEDIUM POC This Month

Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediatrix 4102S Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2022-43192 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Dedecms
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-43171 MEDIUM POC PATCH This Month

A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Lief
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-39389 MEDIUM POC PATCH This Month

Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Btcd Lightning Network Daemon
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-43142 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Password Storage Application
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-42187 MEDIUM POC This Month

Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hustoj
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-36786 CRITICAL Act Now

DLINK - DSL-224 Post-auth RCE. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 224 Firmware
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2022-39180 CRITICAL Act Now

College Management System v1.0 - SQL Injection (SQLi). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi College Management System
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-38165 CRITICAL Act Now

Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal F Secure Policy Manager
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36787 CRITICAL Act Now

webvendome - webvendome SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webvendome
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-36784 CRITICAL Act Now

Elsight - Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Halo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-43782 CRITICAL PATCH Act Now

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Atlassian Crowd
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36432 MEDIUM POC This Month

The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Adobe XSS Blog Pro
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-45077 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress Deserialization Betheme
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-45069 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Crowdsignal Dashboard
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-45066 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Wooswipe Woocommerce Gallery
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-43506 HIGH This Week

SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-43457 HIGH This Week

SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-43452 HIGH This Week

SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
7.7%
CVE-2022-43447 HIGH This Week

SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-41775 HIGH This Week

SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-40200 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Wpforo Forum
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-40192 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wpforo Forum
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-45071 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wpml
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-4053 MEDIUM POC This Month

A vulnerability was found in Student Attendance Management System. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Student Attendance Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-45461 HIGH This Week

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection Netbackup
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42533 HIGH This Week

In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36924 HIGH This Week

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-28768 HIGH This Week

The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23748 HIGH KEV THREAT This Week

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dante Application Library
NVD
CVSS 3.1
7.8
EPSS
9.1%
CVE-2022-44725 HIGH PATCH This Week

OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Local Discovery Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36785 HIGH This Week

D-Link - G integrated Access Device4 Information Disclosure & Authorization Bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Authentication Bypass G Integrated Access Device4 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-42894 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy