Skip to main content
CVE-2022-45020 HIGH POC This Week

Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service XSS Rukovoditel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-45771 HIGH POC This Week

An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Pwndoc
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-45313 HIGH POC This Week

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure RCE Buffer Overflow Routeros
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-4292 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0882. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-43484 HIGH POC PATCH This Week

TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Terasoluna Global Framework Terasoluna Server Framework For Java Rich
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3907 HIGH POC This Week

The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Clerk Io
NVD WPScan VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-45019 HIGH POC This Week

SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Senayan Library Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37783 HIGH POC PATCH This Week

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Craft Cms
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-3846 HIGH POC This Week

The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Workreap
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3694 HIGH POC This Week

The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator's account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Syncee Global Dropshipping
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3858 HIGH POC This Week

The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Chaty
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3856 HIGH POC This Week

The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Comic Book Management System
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3249 HIGH POC This Week

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp Csv Exporter
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-1540 HIGH POC This Week

The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Postmagthemes Demo Import
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-4282 HIGH POC This Week

A vulnerability was found in SpringBootCMS and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Springbootcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43553 HIGH This Week

A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Edgemax Edgerouter Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-4281 HIGH This Week

A vulnerability has been found in Facepay 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Facepay
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-43548 HIGH PATCH This Week

A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Node.js Command Injection Node Js Debian Linux
NVD
CVSS 3.1
8.1
EPSS
14.0%
CVE-2022-35259 HIGH This Week

XML Injection with Endpoint Manager 2022. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-37325 HIGH PATCH This Week

In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Asterisk
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35258 HIGH This Week

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Connect Secure Neurons For Zero Trust Access Policy Secure
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-35254 HIGH This Week

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Use After Free Memory Corruption Connect Secure +2
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-30122 HIGH PATCH This Week

A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rack Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-2827 HIGH This Week

AMI MegaRAC User Enumeration Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-41777 HIGH PATCH This Week

Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Nadesiko3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-43470 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF Fs040U Firmware Fs020W Firmware Fs030W Firmware Fs040W Firmware
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-45912 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Collaboration
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy