Skip to main content
CVE-2022-37706 HIGH POC PATCH Act Now

enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Enlightenment
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
5.5%
CVE-2022-44015 CRITICAL POC Act Now

An issue was discovered in Simmeth Lieferantenmanager before 5.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lieferantenmanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44013 CRITICAL POC Act Now

An issue was discovered in Simmeth Lieferantenmanager before 5.6. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lieferantenmanager
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-45891 CRITICAL POC Act Now

Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Planet Estream
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-40005 HIGH POC THREAT This Week

Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wifiber 120Ac Inmesh Firmware
NVD
CVSS 3.1
8.8
EPSS
34.8%
CVE-2022-42898 HIGH POC PATCH This Week

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow RCE Denial Of Service Buffer Overflow Kerberos 5 +2
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2022-45893 HIGH POC This Week

Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Planet Estream
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-44017 HIGH POC This Week

An issue was discovered in Simmeth Lieferantenmanager before 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Fixation Lieferantenmanager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-44016 HIGH POC This Week

An issue was discovered in Simmeth Lieferantenmanager before 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lieferantenmanager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-42953 HIGH POC This Week

Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zmm200 Firmware Zmm210 Firmware Zmm220 Firmware Zem720 Firmware +6
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
4.8%
CVE-2022-45889 HIGH POC This Week

Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Planet Estream
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-45895 MEDIUM POC This Month

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Planet Estream
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-45894 MEDIUM POC This Month

GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Planet Estream
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-44014 MEDIUM POC This Month

An issue was discovered in Simmeth Lieferantenmanager before 5.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lieferantenmanager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-4740 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in kkFileView. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45890 MEDIUM POC This Month

In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Planet Estream
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4739 CRITICAL Act Now

A vulnerability classified as critical was found in SourceCodester School Dormitory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi School Dormitory Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-4737 CRITICAL Act Now

A vulnerability was found in SourceCodester Blood Bank Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Blood Bank Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-45896 CRITICAL Act Now

Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Planet Estream
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44640 CRITICAL Act Now

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Heimdal Samba
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-44380 MEDIUM POC PATCH This Month

Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Snipe It
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-44012 MEDIUM POC This Month

An issue was discovered in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lieferantenmanager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-45892 MEDIUM POC This Month

In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Planet Estream
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44381 MEDIUM POC This Month

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Snipe It
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-41318 HIGH PATCH This Week

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Squid
NVD GitHub
CVSS 3.1
8.6
EPSS
2.8%
CVE-2022-45197 HIGH PATCH This Week

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Slixmpp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-4741 MEDIUM PATCH This Month

A vulnerability was found in docconv up to 1.2.0 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Docconv
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-41317 MEDIUM PATCH This Month

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Squid
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-4738 MEDIUM This Month

A vulnerability classified as problematic has been found in SourceCodester Blood Bank Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Blood Bank Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4736 MEDIUM PATCH This Month

A vulnerability was found in Venganzas del Pasado and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Venganzas Del Pasado
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4735 MEDIUM PATCH This Month

A vulnerability classified as problematic was found in asrashley dash-live. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dash Live
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4731 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in myapnea up to 29.0.x. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Myapnea
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy