Skip to main content
CVE-2022-46169 CRITICAL POC KEV PATCH THREAT Act Now

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Command Injection Cacti
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.8%
CVE-2022-32224 CRITICAL POC PATCH GHSA Act Now

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization SQLi Activerecord
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32221 CRITICAL POC Act Now

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-44039 CRITICAL POC Act Now

Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Colibri Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43516 CRITICAL POC Act Now

A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix Information Disclosure Microsoft Windows Firewall
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43515 CRITICAL POC Act Now

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix Information Disclosure Frontend
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-35255 CRITICAL POC Act Now

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Node Js Sinec Ins Debian Linux
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2022-45020 HIGH POC This Week

Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service XSS Rukovoditel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-45771 HIGH POC This Week

An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Pwndoc
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-45313 HIGH POC This Week

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure RCE Buffer Overflow Routeros
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-4292 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0882. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-43484 HIGH POC PATCH This Week

TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Terasoluna Global Framework Terasoluna Server Framework For Java Rich
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3907 HIGH POC This Week

The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Clerk Io
NVD WPScan VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-45019 HIGH POC This Week

SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Senayan Library Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37783 HIGH POC PATCH This Week

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Craft Cms
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-3846 HIGH POC This Week

The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Workreap
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3694 HIGH POC This Week

The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator's account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Syncee Global Dropshipping
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3858 HIGH POC This Week

The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Chaty
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3856 HIGH POC This Week

The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Comic Book Management System
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3249 HIGH POC This Week

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp Csv Exporter
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-1540 HIGH POC This Week

The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Postmagthemes Demo Import
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-4282 HIGH POC This Week

A vulnerability was found in SpringBootCMS and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Springbootcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-45315 MEDIUM POC This Month

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

RCE Information Disclosure Mikrotik Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
2.9%
CVE-2022-35260 MEDIUM POC This Month

curl can be told to parse a `.netrc` file for credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Curl Clustered Data Ontap H300s Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-35256 MEDIUM POC This Month

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Node Js Llhttp Sinec Ins +1
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2022-3926 MEDIUM POC This Month

The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Oauth Server
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3677 MEDIUM POC This Month

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Advanced Import
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-45990 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ecommerce Website
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45769 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clicshopping V3
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-43479 MEDIUM POC This Month

Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Shirasagi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-30123 CRITICAL PATCH Act Now

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rack Debian Linux
NVD
CVSS 3.1
10.0
EPSS
1.8%
CVE-2022-43549 CRITICAL Act Now

Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Veeam Backup For Google Cloud
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-40259 CRITICAL Act Now

MegaRAC Default Credentials Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Megarac Sp X
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-40242 CRITICAL Act Now

MegaRAC Default Credentials Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Megarac Sp X
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-27773 CRITICAL Act Now

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-46164 CRITICAL POC PATCH THREAT Act Now

NodeBB is an open source Node.js based forum software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Nodebb
NVD GitHub
CVSS 3.1
9.8
EPSS
49.0%
CVE-2022-45481 CRITICAL Act Now

The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Lazy Mouse
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-45479 CRITICAL Act Now

PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Pc Keyboard Wifi Bluetooth
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-45477 CRITICAL Act Now

Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Telepad
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-45822 CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Advanced Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-42496 CRITICAL PATCH Act Now

OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Nadesiko3
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-41642 CRITICAL PATCH Act Now

OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Nadesiko3
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-4293 MEDIUM POC PATCH This Month

Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vim
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-43499 MEDIUM POC This Month

Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Shirasagi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-43553 HIGH This Week

A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Edgemax Edgerouter Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-3909 MEDIUM POC This Month

The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Add Comments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3892 MEDIUM POC This Month

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Oauth Server
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3838 MEDIUM POC This Month

The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpupper Share Buttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3837 MEDIUM POC This Month

The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Uji Countdown
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3830 MEDIUM POC This Month

The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Page Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy