Skip to main content
CVE-2022-33012 HIGH POC This Week

Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Microweber
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-42098 HIGH POC This Week

KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Klik Socialmediawebsite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-41950 HIGH POC This Week

super-xray is the GUI alternative for vulnerability scanning tool xray. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Super Xray
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-45331 HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Aerocms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45330 HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Aerocms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-30529 HIGH POC This Week

File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Isic Lk
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-41919 HIGH PATCH This Week

Fastify is a web framework with minimal overhead and plugin architecture. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Fastify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-39066 HIGH This Week

There is a SQL injection vulnerability in ZTE MF286R. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zte Mf286R Firmware
NVD
CVSS 3.1
8.8
EPSS
26.5%
CVE-2022-43685 HIGH PATCH This Week

CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ckan
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41937 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-2791 HIGH This Week

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Proficy
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41942 HIGH PATCH This Week

Sourcegraph is a code intelligence platform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Command Injection Sourcegraph
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-3910 HIGH PATCH This Week

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Linux Use After Free Memory Corruption +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-41131 HIGH PATCH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Apache Command Injection Airflow Apache Airflow Providers Apache Hive
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-37931 HIGH This Week

A vulnerability in NetBatch-Plus software allows unauthorized access to the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Nonstop Netbatch Plus
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-35407 HIGH This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Memory Corruption RCE Buffer Overflow Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-0222 HIGH This Week

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp342010 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37301 HIGH This Week

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Modicon M340 Bmx P34 2010 Firmware Modicon M340 Bmx P34 2030 Firmware Modicon M580 Bmeh582040 Firmware +45
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41936 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41943 HIGH PATCH This Week

sourcegraph is a code intelligence platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Sourcegraph
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy