Skip to main content
CVE-2022-44384 HIGH POC Act Now

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Rconfig
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.0%
CVE-2022-43183 HIGH POC PATCH This Week

XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Xxl Job
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-41920 HIGH POC PATCH This Week

Lancet is a general utility library for the go programming language. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Lancet
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42246 HIGH POC This Week

Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Duofox Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-43140 HIGH POC This Week

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Kkfileview
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-43179 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43163 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /clients/view_client.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43162 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-44403 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-44402 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-4052 HIGH POC This Week

A vulnerability was found in Student Attendance Management System and classified as critical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Attendance Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2022-45077 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress Deserialization Betheme
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-45069 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Crowdsignal Dashboard
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-45066 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Wooswipe Woocommerce Gallery
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-43506 HIGH This Week

SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-43457 HIGH This Week

SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-43452 HIGH This Week

SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
7.7%
CVE-2022-43447 HIGH This Week

SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-41775 HIGH This Week

SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-40200 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Wpforo Forum
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-40192 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wpforo Forum
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-45071 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wpml
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-45461 HIGH This Week

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection Netbackup
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42533 HIGH This Week

In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36924 HIGH This Week

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-28768 HIGH This Week

The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23748 HIGH KEV THREAT This Week

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dante Application Library
NVD
CVSS 3.1
7.8
EPSS
9.1%
CVE-2022-44725 HIGH PATCH This Week

OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Local Discovery Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36785 HIGH This Week

D-Link - G integrated Access Device4 Information Disclosure & Authorization Bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Authentication Bypass G Integrated Access Device4 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-42894 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-42893 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-42891 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-42734 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-42733 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-42732 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-42982 HIGH This Week

BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bkg Professional Ntripcaster
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-28766 HIGH This Week

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Code Injection Meetings Rooms
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2022-39179 HIGH This Week

College Management System v1.0 - Authenticated remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE SQLi College Management System
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy