Skip to main content
CVE-2022-23044 HIGH POC This Week

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tiny File Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-40282 HIGH POC This Week

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Hirschmann Bat C2 Firmware
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2022-41706 HIGH POC PATCH This Week

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Browsershot
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-43984 HIGH POC PATCH This Week

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Browsershot
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-43983 HIGH POC PATCH This Week

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Browsershot
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-38813 HIGH POC This Week

PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Phpgurukul Blood Donor Management System
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2022-41958 HIGH POC PATCH This Week

super-xray is a web vulnerability scanning tool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Deserialization Super Xray
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-4141 HIGH POC PATCH This Week

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-44411 HIGH POC This Week

Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Web Based Quiz System
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44860 HIGH POC This Week

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-44859 HIGH POC This Week

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-44858 HIGH POC This Week

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-45039 HIGH POC This Week

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wbce Cms
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-41156 HIGH This Week

Remote code execution vulnerability due to insufficient verification of URLs, etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ondiskplayeragent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-38767 HIGH This Week

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-38166 HIGH This Week

In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft Denial Of Service Elements Endpoint Protection
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2721 HIGH This Week

In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29831 HIGH This Week

Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gx Works3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-29829 HIGH This Week

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C, Motion Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gx Works3
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-29828 HIGH This Week

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gx Works3
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-29827 HIGH This Week

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gx Works3
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-29826 HIGH This Week

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gx Works3
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-29825 HIGH This Week

Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C, and MT Works2 versions from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gx Works3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-25164 HIGH This Week

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gx Works3 Mx Opc Ua Module Configurator R
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45886 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-45885 HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-45884 HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H300s Firmware +4
NVD
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy