Skip to main content
CVE-2022-34827 CRITICAL POC Act Now

Carel Boss Mini 1.5.0 has Improper Access Control. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Boss Mini Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2022-45132 CRITICAL POC Act Now

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Lava
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-41900 CRITICAL POC PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure RCE Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-41840 CRITICAL POC Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Welcart E Commerce
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2022-45474 CRITICAL POC PATCH Act Now

drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Use After Free Memory Corruption Drachtio Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44204 CRITICAL POC Act Now

D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 3060 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41880 CRITICAL POC PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-41894 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-37197 HIGH POC This Week

IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iotransfer
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-43308 HIGH POC This Week

INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sg 2404 Poe Firmware Sg 2404 Mr Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38871 HIGH POC This Week

In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41909 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-41908 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41907 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41901 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41899 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41898 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41897 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41896 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41895 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41893 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41891 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41890 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41889 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41888 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41887 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41886 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41885 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41884 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-41883 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44820 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-44415 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-44414 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-44413 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-44379 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-44378 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-42698 CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Api2Cart Bridge Connector
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42497 CRITICAL Act Now

Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi WordPress Api2Cart Bridge Connector
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-41781 CRITICAL Act Now

Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Permalink Manager Lite
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-41652 CRITICAL Act Now

Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Quiz And Survey Master
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-45473 MEDIUM POC PATCH This Month

In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Drachtio Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44584 CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Watchtower
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-45073 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wordpress Rest Api Authentication
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-44740 HIGH This Week

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Creative Mail
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-43492 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpdiscuz
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-41634 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Media Library Folders
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-40695 HIGH This Week

Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress XSS Seo Redirection
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-43482 HIGH This Week

Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Appointment Booking Calendar
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-42461 HIGH This Week

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Privilege Escalation WordPress Google Authenticator
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-41692 HIGH This Week

Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Appointment Hour Booking
NVD
CVSS 3.1
8.8
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy