Skip to main content
CVE-2022-31877 HIGH POC This Week

An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Center
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-45442 HIGH POC PATCH This Week

Sinatra is a domain-specific language for creating web applications in Ruby. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Sinatra Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3865 HIGH POC This Week

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp User Merger
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3849 HIGH POC This Week

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp User Merger
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3848 HIGH POC This Week

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp User Merger
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3769 HIGH POC This Week

The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Owm Weather
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3768 HIGH POC This Week

The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wpsmartcontracts
NVD WPScan
CVSS 3.1
8.8
EPSS
3.7%
CVE-2022-24190 HIGH POC This Week

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-24188 HIGH POC This Week

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ourphoto
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-24187 HIGH POC This Week

The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-38900 HIGH POC PATCH THREAT This Week

decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Decode Uri Component
NVD GitHub
CVSS 3.1
7.5
EPSS
24.9%
CVE-2022-3689 HIGH POC This Week

The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Html Forms
NVD WPScan
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-3490 HIGH POC This Week

The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP WordPress Checkout Field Editor For Woocommerce
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-38140 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-34654 HIGH This Week

Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Manage Notification E Mails
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-4020 HIGH This Week

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aspire A315 22G Firmware Aspire A115 21 Firmware Aspire A315 22 Firmware Extensa Ex215 21 Firmware +1
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-3088 HIGH This Week

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12,&nbsp;UC-3100 System Image: Versions v1.0 to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Debian Uc 2101 Lx Firmware Uc 2102 Lx Firmware Uc 2104 Lx Firmware +61
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-45939 HIGH PATCH This Week

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Emacs Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-45921 HIGH PATCH This Week

FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Fusionauth
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41957 HIGH PATCH This Week

Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Muhammara Hummus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy