Skip to main content
CVE-2022-3384 HIGH POC PATCH THREAT Act Now

The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 38.4%.

WordPress PHP RCE Code Injection Ultimate Member
NVD VulDB GitHub
CVSS 3.1
7.2
EPSS
38.4%
Threat
4.1
CVE-2022-3383 HIGH POC PATCH THREAT Act Now

The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 34.9%.

WordPress RCE Code Injection Ultimate Member
NVD VulDB GitHub
CVSS 3.1
7.2
EPSS
34.9%
Threat
4.0
CVE-2022-44354 CRITICAL POC Act Now

SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Solarview Compact Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-44038 CRITICAL POC Act Now

Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Xsourceplayer 777D Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-3747 HIGH POC This Week

The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Becustom
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-46146 HIGH POC PATCH This Week

Prometheus Exporter Toolkit is a utility package to build exporters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Exporter Toolkit
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-4202 HIGH POC PATCH This Week

A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-40799 HIGH POC KEV THREAT This Week

Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dnr 322L Firmware
NVD
CVSS 3.1
8.8
EPSS
31.3%
CVE-2022-44037 HIGH POC This Week

An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Ecu C Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-46152 HIGH POC PATCH This Week

OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Op Tee
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-21126 HIGH POC PATCH This Week

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Java Htsjdk
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-45343 HIGH POC This Week

GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-45202 HIGH POC This Week

GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-44356 HIGH POC This Week

WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Wl Wn531G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-25848 HIGH POC This Week

This affects all versions of package static-dev-server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Static Dev Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-45329 HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Aerocms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-43326 HIGH POC This Week

An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Omnia Mpx Node Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-4172 MEDIUM POC PATCH This Month

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Qemu Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-3991 MEDIUM POC This Month

The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Photospace Gallery
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-44279 MEDIUM POC This Month

Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Garage Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-44355 MEDIUM POC This Month

SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Solarview Compact Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-36433 MEDIUM POC This Month

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Adobe XSS Amasty Blog Pro
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-3751 CRITICAL PATCH Act Now

SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Owncast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42109 CRITICAL Act Now

Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Shopping System Advanced
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45204 MEDIUM POC This Month

GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3361 MEDIUM POC PATCH This Month

The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP Path Traversal RCE Ultimate Member
NVD VulDB GitHub
CVSS 3.1
4.3
EPSS
5.9%
CVE-2022-42100 MEDIUM POC This Month

KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Klik
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-42099 MEDIUM POC This Month

KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Klik
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4030 HIGH PATCH This Week

The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP Path Traversal RCE Simple
NVD VulDB
CVSS 3.1
8.1
EPSS
5.4%
CVE-2022-3898 HIGH This Week

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Affiliate Platform
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-36964 HIGH This Week

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
CVSS 3.1
8.8
EPSS
16.8%
CVE-2022-36960 HIGH This Week

SolarWinds Platform was susceptible to Improper Input Validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Orion Platform
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-44635 HIGH This Week

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Apache File Upload Fineract
NVD
CVSS 3.1
8.8
EPSS
68.8%
CVE-2022-36137 MEDIUM POC This Month

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-36136 MEDIUM POC This Month

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-41675 HIGH This Week

A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Raidenmaild
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2022-4035 HIGH PATCH This Week

The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Appointment Hour Booking
NVD VulDB
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-4032 HIGH PATCH This Week

The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Code Injection Quiz And Survey Master
NVD VulDB
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-41568 HIGH This Week

LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Line
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-4027 HIGH PATCH This Week

The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Simple
NVD VulDB
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-36962 HIGH This Week

SolarWinds Platform was susceptible to Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Orion Platform
NVD
CVSS 3.1
7.2
EPSS
9.0%
CVE-2022-4034 MEDIUM PATCH This Month

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required.

RCE WordPress Appointment Hour Booking
NVD VulDB
CVSS 3.1
5.8
EPSS
4.2%
CVE-2022-3896 MEDIUM This Month

The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Affiliate Platform
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2022-4144 MEDIUM PATCH This Month

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Qemu Extra Packages For Enterprise Linux +2
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-32966 MEDIUM This Month

RTL8168FP-CG Dash remote management function has missing authorization. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rtl8111Fp Cg Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4028 MEDIUM PATCH This Month

The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the profile-save action when modifying a profile signature in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Simple
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-46155 MEDIUM PATCH This Month

Airtable.js is the JavaScript client for Airtable. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Node.js Information Disclosure Airtable
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2022-3897 MEDIUM This Month

The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Affiliate Platform
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46148 MEDIUM This Month

Discourse is an open-source messaging platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41676 MEDIUM This Month

Raiden MAILD Mail Server website mail field has insufficient filtering for user input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Raidenmaild
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy