Skip to main content
CVE-2022-45276 CRITICAL POC Act Now

An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yjcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-44255 CRITICAL POC Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lr350 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-44252 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-44251 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-44250 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-44249 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-44139 CRITICAL POC Act Now

Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitors Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41924 CRITICAL POC PATCH Act Now

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Tailscale
NVD GitHub
CVSS 3.1
9.6
EPSS
1.6%
CVE-2022-45278 HIGH POC This Week

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Jizhicms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-44140 HIGH POC This Week

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jizhicms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41934 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-41931 HIGH POC PATCH This Week

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-41928 HIGH POC PATCH This Week

XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-41925 HIGH POC PATCH This Week

A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tailscale
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-44260 HIGH POC This Week

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lr350 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-44259 HIGH POC This Week

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lr350 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-44258 HIGH POC This Week

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lr350 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2022-44257 HIGH POC This Week

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lr350 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-44256 HIGH POC This Week

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-44254 HIGH POC This Week

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lr350 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-44253 HIGH POC This Week

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lr350 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-41930 HIGH POC PATCH This Week

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2022-40870 HIGH POC This Week

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Remote Application Server
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-45868 HIGH POC PATCH This Week

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-37772 HIGH POC This Week

Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Maarch Rm
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-39833 HIGH POC This Week

FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Filecloud
NVD GitHub
CVSS 3.1
7.2
EPSS
2.6%
CVE-2022-44278 HIGH POC This Week

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sanitization Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-37773 MEDIUM POC This Month

An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Maarch Rm
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-44280 MEDIUM POC This Month

Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Automotive Shop Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-4044 MEDIUM POC PATCH This Month

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-45872 CRITICAL Act Now

iTerm2 before 3.4.18 mishandles a DECRQSS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iterm2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44120 CRITICAL Act Now

dedecmdv6 6.1.9 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Dedecmsv6
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-44118 CRITICAL Act Now

dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dedecmsv6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-44117 CRITICAL Act Now

Boa 0.94.14rc21 is vulnerable to SQL Injection via username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Boa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-41923 CRITICAL PATCH Act Now

Grails Spring Security Core plugin is vulnerable to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Java Privilege Escalation Spring Security Core
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-41875 CRITICAL Act Now

A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Optica
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-41922 CRITICAL PATCH Act Now

`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Yii
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45462 CRITICAL PATCH Act Now

Alarm instance management has command injection when there is a specific command configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dolphinscheduler
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-43213 CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System Project
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41946 MEDIUM POC PATCH This Month

pgjdbc is an open source postgresql JDBC Driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Apple Java PostgreSQL Postgresql Jdbc Driver +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-45280 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-41446 MEDIUM POC This Month

An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Record Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-38724 MEDIUM POC PATCH This Month

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Asset Admin Assets Framework
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-45866 MEDIUM POC PATCH This Month

qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Qpress Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2022-36111 MEDIUM POC PATCH This Month

immudb is a database with built-in cryptographic proof and verification. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Immudb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-43196 CRITICAL Act Now

dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Dedecmsv6
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-41929 MEDIUM POC PATCH This Month

org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-44789 HIGH PATCH This Week

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Mujs Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-23740 HIGH This Week

CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-42896 HIGH PATCH This Week

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Google RCE Use After Free Memory Corruption +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy