Skip to main content
CVE-2022-38488 CRITICAL POC THREAT Act Now

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Logrocket Oauth2 Example
NVD GitHub
CVSS 3.1
9.8
EPSS
14.1%
CVE-2022-46072 CRITICAL POC Act Now

Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-46071 CRITICAL POC Act Now

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-46997 CRITICAL POC Act Now

Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Passhunt
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-46996 CRITICAL POC Act Now

vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Vsphere Selfuse
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-46609 CRITICAL POC Act Now

Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python3 Restfulapi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-44832 CRITICAL POC Act Now

D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 3040 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-24377 CRITICAL POC PATCH Act Now

The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Cycle Import Check
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-31358 CRITICAL POC Act Now

A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Virtual Environment
NVD VulDB
CVSS 3.1
9.0
EPSS
1.3%
CVE-2022-46443 HIGH POC THREAT This Week

mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bangresto
NVD
CVSS 3.1
8.8
EPSS
37.7%
CVE-2022-46074 HIGH POC This Week

Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Helmet Store Showroom
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-42139 HIGH POC THREAT This Week

Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dvw W02W2 E2 Firmware
NVD
CVSS 3.1
8.8
EPSS
18.2%
CVE-2022-37155 HIGH POC PATCH THREAT This Week

RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Spip
NVD GitHub
CVSS 3.1
8.8
EPSS
40.0%
CVE-2022-23512 HIGH POC This Week

MeterSphere is a one-stop open source continuous testing platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-44910 HIGH POC This Week

Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Binbloom
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-44898 HIGH POC This Week

The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Aura Sync
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46127 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-46126 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-46125 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-46124 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46123 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46122 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46121 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46120 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46119 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46118 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46117 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-42140 HIGH POC This Week

Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dx 2100 L1 Cn Firmware
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2022-23520 MEDIUM POC PATCH This Month

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-46073 MEDIUM POC This Month

Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Helmet Store Showroom
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-23519 MEDIUM POC PATCH This Month

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-23518 MEDIUM POC PATCH This Month

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Debian Linux Loofah
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-3590 MEDIUM POC This Month

WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF WordPress
NVD WPScan
CVSS 3.1
5.9
EPSS
3.1%
CVE-2022-47406 CRITICAL PATCH Act Now

An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Change Password For Frontend Users
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-31702 CRITICAL PATCH Act Now

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Vrealize Network Insight
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-46255 CRITICAL Act Now

An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Enterprise Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-4494 CRITICAL PATCH Act Now

A vulnerability, which was classified as critical, has been found in bspkrs MCPMappingViewer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Mcp Mapping Viewer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-4493 CRITICAL PATCH Act Now

A vulnerability classified as critical was found in scifio. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Scifio
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-42141 MEDIUM POC This Month

Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dx 2100 L1 Cn Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-47408 CRITICAL PATCH Act Now

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Fp Newsletter
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-46344 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-46343 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2022-46342 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-46341 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-46340 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-46256 HIGH This Week

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-34271 HIGH PATCH This Week

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem.8.4 to 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Atlas
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-23503 HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection Typo3
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-4440 HIGH This Week

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4439 HIGH This Week

Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft Use After Free Memory Corruption +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy