Skip to main content
CVE-2022-44785 CRITICAL POC Act Now

An issue was discovered in Appalti & Contratti 9.12.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Appalti Contratti
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41945 CRITICAL POC Act Now

super-xray is a vulnerability scanner (xray) GUI launcher. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Super Xray
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-3634 CRITICAL POC Act Now

The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Contact Form 7 Database Addon
NVD WPScan
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-3600 CRITICAL POC Act Now

The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Easy Digital Downloads
NVD WPScan
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-4093 CRITICAL POC PATCH Act Now

SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure SQLi Authentication Bypass Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2022-43143 CRITICAL POC Act Now

A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Beekeeper Studio
NVD GitHub
CVSS 3.1
9.6
EPSS
0.8%
CVE-2022-3861 HIGH POC This Week

The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Information Disclosure WordPress Betheme
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2022-44784 HIGH POC This Week

An issue was discovered in Appalti & Contratti 9.12.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Authentication Bypass SSRF Appalti Contratti
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-3688 HIGH POC This Week

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wpqa Builder
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-1578 HIGH POC This Week

The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress My Wpdb
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-3763 HIGH POC This Week

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Booster For Woocommerce
NVD WPScan
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-44830 HIGH POC This Week

Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Event Registration Application
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-40129 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-37332 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-32774 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-44786 HIGH POC This Week

An issue was discovered in Appalti & Contratti 9.12.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI Information Disclosure PHP Appalti Contratti
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-44163 HIGH POC This Week

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44158 HIGH POC This Week

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44156 HIGH POC This Week

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44169 HIGH POC This Week

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44168 HIGH POC This Week

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44167 HIGH POC This Week

Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3691 HIGH POC This Week

The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Deepl Pro Api Translation
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1579 HIGH POC This Week

The function check_is_login_page() uses headers for the IP check, which can be easily spoofed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Login Block Ips
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3720 HIGH POC This Week

The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Event Monster
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-44788 MEDIUM POC This Month

An issue was discovered in Appalti & Contratti 9.12.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Fixation Appalti Contratti
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4096 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Appsmith
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-3762 MEDIUM POC This Month

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Booster For Woocommerce
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-44787 MEDIUM POC This Month

An issue was discovered in Appalti & Contratti 9.12.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appalti Contratti
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-0421 MEDIUM POC This Month

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Five Star Restaurant Reservations
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-30258 CRITICAL Act Now

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dns Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-30257 CRITICAL Act Now

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dns Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-44183 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44180 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-44178 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-44177 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-44176 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-44175 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-44174 CRITICAL Act Now

Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-44172 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-44171 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-45146 MEDIUM POC PATCH This Month

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Use After Free Memory Corruption Fips Java Api
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-4105 MEDIUM POC PATCH This Month

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-43117 MEDIUM POC This Month

Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Password Storage Application
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-1581 MEDIUM POC This Month

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wp Polls
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-42096 MEDIUM POC This Month

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Backdrop Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
2.0%
CVE-2022-40470 MEDIUM POC This Month

Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Blood Donor Management System
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-38148 HIGH PATCH This Week

Silverstripe silverstripe/framework through 4.11 allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Framework
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-45017 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wbce Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3753 MEDIUM POC This Month

The Evaluate WordPress plugin through 1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Evaluate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy