Skip to main content
CVE-2022-44588 CRITICAL POC THREAT Emergency

Unauth. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.0%.

WordPress SQLi Cryptocurrency Widgets Pack
NVD
CVSS 3.1
9.9
EPSS
34.0%
Threat
4.5
CVE-2022-46689 HIGH POC THREAT Act Now

A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Safari Ipados +4
NVD
CVSS 3.1
7.0
EPSS
44.7%
CVE-2022-45969 CRITICAL POC PATCH Act Now

Alist v3.4.0 is vulnerable to Directory Traversal,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Alist
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-46634 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-46631 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-44236 CRITICAL POC Act Now

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Voip Simplicity Asg
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-3427 HIGH POC PATCH This Week

The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Corner Ad
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-32573 HIGH POC This Week

A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lansweeper
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2022-29517 HIGH POC THREAT This Week

A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lansweeper
NVD
CVSS 3.1
8.8
EPSS
60.2%
CVE-2022-4506 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-4511 HIGH POC This Week

A vulnerability has been found in RainyGao DocSys and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Docsys
NVD VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-4504 HIGH POC PATCH This Week

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29511 MEDIUM POC This Month

A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lansweeper
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2022-4520 MEDIUM POC PATCH This Month

A vulnerability was found in WSO2 carbon-registry up to 4.8.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Carbon Registry
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-44235 MEDIUM POC This Month

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Voip Simplicity Asg
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-23474 MEDIUM POC PATCH This Month

Editor.js is a block-style editor with clean JSON output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Editor Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-32763 MEDIUM POC This Month

A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-4503 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-4502 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-46393 CRITICAL Act Now

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Mbed Tls Fedora
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42842 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Ipados +4
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-42837 CRITICAL Act Now

An issue existed in the parsing of URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-40004 CRITICAL Act Now

Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Thingsboard
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2022-2536 MEDIUM POC This Month

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Authentication Bypass Transposh Wordpress Translation
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-45033 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expense Tracker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40373 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Feehicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40002 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Feehicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40001 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Feehicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40000 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Feehicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-28703 MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-46700 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-46699 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-46696 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-46691 HIGH This Week

A memory consumption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-42867 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Use After Free Memory Corruption +6
NVD
CVSS 3.1
8.8
EPSS
34.6%
CVE-2022-42863 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-42861 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-42856 HIGH KEV THREAT This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption Safari Ipados +3
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2022-42844 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2022-4505 MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-45338 HIGH This Week

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Exact Synergy
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-46701 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-46697 HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46694 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Ipados +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46693 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Microsoft RCE Memory Corruption +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46690 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-42850 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Ipados +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-42849 HIGH This Week

An access issue existed with privileged API calls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42848 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Tvos
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42847 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy