Skip to main content
CVE-2022-40434 CRITICAL POC Act Now

Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Softr
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-44109 CRITICAL POC Act Now

pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Pdftojson
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44108 CRITICAL POC Act Now

pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Pdftojson
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-4063 CRITICAL POC Act Now

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Inpost Gallery
NVD WPScan
CVSS 3.1
9.8
EPSS
9.5%
CVE-2022-4050 CRITICAL POC Act Now

The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Joomsport
NVD WPScan
CVSS 3.1
9.8
EPSS
4.8%
CVE-2022-44940 CRITICAL POC PATCH Act Now

Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Patchelf
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-46403 HIGH POC This Week

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bm78 Firmware Bm83 Firmware Rn4870 Firmware Rn4871 Firmware +5
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2022-43289 HIGH POC This Week

Deark v.1.6.2 was discovered to contain a stack overflow via the do_prism_read_palette() function at /modules/atari-img.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Deark
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46399 HIGH POC This Week

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Bm78 Firmware Bm83 Firmware Rn4870 Firmware Rn4871 Firmware +10
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-45041 HIGH POC This Week

SQL Injection exits in xinhu < 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xinhu
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-4106 HIGH POC This Week

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Wholesale Market For Woocommerce
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-4061 HIGH POC This Week

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Jobboardwp
NVD WPScan
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-3875 HIGH POC This Week

A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Passwordstate
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-46402 MEDIUM POC This Month

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bm78 Firmware Bm83 Firmware Rn4870 Firmware Rn4871 Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-4613 MEDIUM POC This Month

A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Passwordstate
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-4612 MEDIUM POC This Month

A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Passwordstate
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4107 MEDIUM POC This Month

The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Smsa Shipping For Woocommerce
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-4024 MEDIUM POC This Month

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Pie Register
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3961 MEDIUM POC This Month

The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Directorist
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-3876 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Passwordstate
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-47549 MEDIUM POC This Month

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Op Tee
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-4615 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-28173 CRITICAL PATCH Act Now

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hikvision Authentication Bypass Ds 3Wf0Ac 2Nt Firmware Ds 3Wf01C 2N O Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-4427 CRITICAL Act Now

Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Otrs
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-44456 CRITICAL PATCH Act Now

CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Conprosys Hmi System
NVD
CVSS 3.1
9.8
EPSS
69.9%
CVE-2022-4610 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Passwordstate
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46401 MEDIUM POC This Month

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bm78 Firmware Bm83 Firmware Rn4870 Firmware Rn4871 Firmware +8
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-46400 MEDIUM POC This Month

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bm78 Firmware Bm83 Firmware Rn4870 Firmware Rn4871 Firmware +5
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4614 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znote-app prior to 1.7.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Znote
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31683 MEDIUM POC PATCH This Month

Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Concourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4058 MEDIUM POC This Month

The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Photo Gallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-3987 MEDIUM POC This Month

The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Lightbox2
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3986 MEDIUM POC This Month

The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Stripe Checkout
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3985 MEDIUM POC This Month

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Videojs Html5 Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3984 MEDIUM POC This Month

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Flowplayer Video Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3983 MEDIUM POC This Month

The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Checkout For Paypal
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3937 MEDIUM POC This Month

The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Video Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4609 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-3877 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Passwordstate
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4611 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Passwordstate
NVD VulDB
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-47547 MEDIUM POC This Month

GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gossipsub
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-38708 CRITICAL PATCH Act Now

IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF IBM Cognos Analytics
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-40435 MEDIUM POC This Month

Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via adding new entries under the Departments and Designations module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Employee Performance Evaluation System
NVD VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-4108 MEDIUM POC This Month

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wholesale Market For Woocommerce
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-4112 MEDIUM POC This Month

The Quizlord WordPress plugin through 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quizlord
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3832 MEDIUM POC This Month

The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS External Media
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-43443 HIGH This Week

OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wsr 3200Ax4S Firmware Wsr 3200Ax4B Firmware Wsr 2533Dhp2 Firmware Wsr A2533Dhp2 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-4125 MEDIUM POC This Month

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Popup Manager
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-4124 MEDIUM POC This Month

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Popup Manager
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-42947 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Maya
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy