Skip to main content
CVE-2022-3861 HIGH POC This Week

The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Information Disclosure WordPress Betheme
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2022-44784 HIGH POC This Week

An issue was discovered in Appalti & Contratti 9.12.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Authentication Bypass SSRF Appalti Contratti
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-3688 HIGH POC This Week

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wpqa Builder
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-1578 HIGH POC This Week

The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress My Wpdb
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-3763 HIGH POC This Week

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Booster For Woocommerce
NVD WPScan
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-44830 HIGH POC This Week

Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Event Registration Application
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-40129 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-37332 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-32774 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-44786 HIGH POC This Week

An issue was discovered in Appalti & Contratti 9.12.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI Information Disclosure PHP Appalti Contratti
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-44163 HIGH POC This Week

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44158 HIGH POC This Week

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44156 HIGH POC This Week

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44169 HIGH POC This Week

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44168 HIGH POC This Week

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44167 HIGH POC This Week

Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3691 HIGH POC This Week

The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Deepl Pro Api Translation
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1579 HIGH POC This Week

The function check_is_login_page() uses headers for the IP check, which can be easily spoofed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Login Block Ips
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3720 HIGH POC This Week

The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Event Monster
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-38148 HIGH PATCH This Week

Silverstripe silverstripe/framework through 4.11 allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Framework
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3589 HIGH This Week

An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Appwash
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-3388 HIGH This Week

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microscada Pro Sys600 Microscada X Sys600
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-45422 HIGH This Week

When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Smart Share
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-38097 HIGH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-45470 HIGH This Week

missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Apache XSS Hama
NVD
CVSS 3.1
7.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy