Skip to main content
CVE-2022-44399 CRITICAL POC Act Now

Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Poultry Farm Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-44401 CRITICAL POC Act Now

Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Tours Travels Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44400 CRITICAL POC Act Now

Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Purchase Order Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44283 CRITICAL POC Act Now

AVS Audio Converter 10.3 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Avs Audio Converter
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-3603 CRITICAL POC Act Now

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Export Customers List Csv For Woocommerce
NVD WPScan
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-36193 CRITICAL POC Act Now

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-31877 HIGH POC This Week

An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Center
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-45442 HIGH POC PATCH This Week

Sinatra is a domain-specific language for creating web applications in Ruby. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Sinatra Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3865 HIGH POC This Week

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp User Merger
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3849 HIGH POC This Week

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp User Merger
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3848 HIGH POC This Week

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp User Merger
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3769 HIGH POC This Week

The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Owm Weather
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3768 HIGH POC This Week

The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wpsmartcontracts
NVD WPScan
CVSS 3.1
8.8
EPSS
3.7%
CVE-2022-24190 HIGH POC This Week

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-24188 HIGH POC This Week

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ourphoto
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-24187 HIGH POC This Week

The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-38900 HIGH POC PATCH THREAT This Week

decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Decode Uri Component
NVD GitHub
CVSS 3.1
7.5
EPSS
24.9%
CVE-2022-3689 HIGH POC This Week

The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Html Forms
NVD WPScan
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-3490 HIGH POC This Week

The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP WordPress Checkout Field Editor For Woocommerce
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-24189 MEDIUM POC This Month

The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-44937 MEDIUM POC This Month

Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bosscms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3511 MEDIUM POC This Month

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Awesome Support
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-45214 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sanitization Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-46147 MEDIUM POC PATCH This Month

Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xblock Drag And Drop V2
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-3847 MEDIUM POC This Month

The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Showing Url In Qr Code
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-2311 MEDIUM POC This Month

The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Find And Replace All
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41912 CRITICAL PATCH Act Now

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Saml
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-4104 MEDIUM POC This Month

A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lepton
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43590 MEDIUM POC This Month

A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cbfs Filter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43589 MEDIUM POC This Month

A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cbfs Filter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43588 MEDIUM POC This Month

A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cbfs Filter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44284 MEDIUM POC This Month

Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dag2000 16O Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38140 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-34654 HIGH This Week

Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Manage Notification E Mails
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-3839 MEDIUM POC This Month

The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Analytics For Wp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3834 MEDIUM POC This Month

The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Google Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3833 MEDIUM POC This Month

The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Fancier Author Box
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3831 MEDIUM POC This Month

The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Recaptcha
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3828 MEDIUM POC This Month

The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Video Thumbnails
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3824 MEDIUM POC This Month

The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Admin Ui Customize
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3822 MEDIUM POC This Month

The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Donations Via Paypal
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3610 MEDIUM POC This Month

The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jeeng Push Notifications
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3601 MEDIUM POC This Month

The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Image Hover Effects Css3
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2983 MEDIUM POC This Month

The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Salat Times
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3850 MEDIUM POC This Month

The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Find And Replace All
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-4020 HIGH This Week

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aspire A315 22G Firmware Aspire A115 21 Firmware Aspire A315 22 Firmware Extensa Ex215 21 Firmware +1
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-3088 HIGH This Week

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12,&nbsp;UC-3100 System Image: Versions v1.0 to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Debian Uc 2101 Lx Firmware Uc 2102 Lx Firmware Uc 2104 Lx Firmware +61
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-45939 HIGH PATCH This Week

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Emacs Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-45921 HIGH PATCH This Week

FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Fusionauth
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41957 HIGH PATCH This Week

Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Muhammara Hummus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy