Skip to main content
CVE-2022-45207 CRITICAL POC PATCH Act Now

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-45206 CRITICAL POC PATCH Act Now

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-44844 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-44843 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-45476 CRITICAL POC Act Now

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Tiny File Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-41705 CRITICAL POC PATCH Act Now

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Badaso
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-4135 CRITICAL POC KEV PATCH THREAT Act Now

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Edge +1
NVD
CVSS 3.1
9.6
EPSS
31.9%
CVE-2022-37720 CRITICAL POC Act Now

Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Orchard Cms
NVD VulDB
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-23044 HIGH POC This Week

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tiny File Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-40282 HIGH POC This Week

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Hirschmann Bat C2 Firmware
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2022-41706 HIGH POC PATCH This Week

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Browsershot
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-43984 HIGH POC PATCH This Week

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Browsershot
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-43983 HIGH POC PATCH This Week

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Browsershot
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-38813 HIGH POC This Week

PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Phpgurukul Blood Donor Management System
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2022-41958 HIGH POC PATCH This Week

super-xray is a web vulnerability scanning tool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Deserialization Super Xray
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-4141 HIGH POC PATCH This Week

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-44411 HIGH POC This Week

Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Web Based Quiz System
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44860 HIGH POC This Week

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-44859 HIGH POC This Week

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-44858 HIGH POC This Week

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-45039 HIGH POC This Week

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wbce Cms
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-45475 MEDIUM POC This Month

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tiny File Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-41712 MEDIUM POC This Month

Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Frappe
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-39333 MEDIUM POC PATCH This Month

Nexcloud desktop is the Desktop sync client for Nextcloud. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud XSS Desktop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0698 MEDIUM POC This Month

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-4091 MEDIUM POC This Month

A vulnerability was found in SourceCodester Canteen Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Canteen Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41158 CRITICAL Act Now

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Eyoom Builder
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-41157 CRITICAL Act Now

A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Serp Server 2 0
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-45205 MEDIUM POC This Month

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-39332 MEDIUM POC PATCH This Month

Nexcloud desktop is the Desktop sync client for Nextcloud. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud XSS Desktop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-39331 MEDIUM POC PATCH This Month

Nexcloud desktop is the Desktop sync client for Nextcloud. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud XSS Desktop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-45040 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-45038 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-45037 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-45036 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wbce Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37721 CRITICAL Act Now

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Pyrocms
NVD VulDB
CVSS 3.1
9.0
EPSS
0.7%
CVE-2022-45152 CRITICAL PATCH Act Now

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-36133 CRITICAL Act Now

The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tm C3500 Firmware Tm C3510 Firmware Tm C3520 Firmware Tm C7500 Firmware +5
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-29830 CRITICAL Act Now

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z, and Motion Control Setting(GX Works3 related software) versions from 1.000A to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gx Works3
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-39334 MEDIUM POC PATCH This Month

Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Rated medium severity (CVSS 4.7). Public exploit code available.

Nextcloud Information Disclosure Desktop
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-45210 MEDIUM POC PATCH This Month

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-45208 MEDIUM POC PATCH This Month

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41156 HIGH This Week

Remote code execution vulnerability due to insufficient verification of URLs, etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ondiskplayeragent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-38767 HIGH This Week

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-38166 HIGH This Week

In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft Denial Of Service Elements Endpoint Protection
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2721 HIGH This Week

In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29831 HIGH This Week

Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gx Works3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-29829 HIGH This Week

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C, Motion Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gx Works3
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-29828 HIGH This Week

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gx Works3
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-29827 HIGH This Week

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gx Works3
NVD
CVSS 3.1
7.5
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy