Exploit Database

144,178 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-36123 WRITEUP HIGH
Linux kernel <5.18.13 - DoS/Privilege Escalation
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
CVSS 7.8
CVE-2022-36193 WRITEUP CRITICAL
School Management System 1.0 - SQL Injection
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
CVSS 9.8
CVE-2022-36259 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.
CVSS 7.5
CVE-2022-36259 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.
CVSS 7.5
CVE-2022-36258 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
CVSS 7.5
CVE-2022-36258 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
CVSS 7.5
CVE-2022-36257 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.
CVSS 7.5
CVE-2022-36257 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.
CVSS 7.5
CVE-2022-36256 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".
CVSS 7.5
CVE-2022-36256 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".
CVSS 7.5
CVE-2022-36255 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
CVSS 7.5
CVE-2022-36255 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
CVSS 7.5
CVE-2022-35606 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via CustomerDAO.java customerCode Parameter
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'
CVSS 9.8
CVE-2022-35605 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via UserDAO.java Parameters
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc.
CVSS 9.8
CVE-2022-35603 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via searchTxt Parameter
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
CVSS 9.8
CVE-2022-35602 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via User Parameter
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user.
CVSS 9.8
CVE-2022-35601 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via SupplierDAO.java searchTxt Parameter
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
CVSS 9.8
CVE-2022-35599 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via productcode Parameter
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode.
CVSS 9.8
CVE-2022-35598 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via Username Parameter
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.
CVSS 9.8
CVE-2022-36261 WRITEUP CRITICAL
taocms 3.0.2 - Arbitrary File Deletion via Admin File Deletion Endpoint
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
CVSS 9.1
CVE-2022-36267 WRITEUP CRITICAL
Airspan AirSpot 5410 <0.3.4.1-4 - Command Injection
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
CVSS 9.8
CVE-2022-36436 WRITEUP CRITICAL
OSU Open Source Lab VNCAuthProxy <1.1.1 - Auth Bypass
OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server.
CVSS 9.8
CVE-2022-36440 WRITEUP HIGH
Frrouting 8.3.0 - Denial of Service via Malicious BGP Open Packet
A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.
CVSS 7.5
CVE-2022-36446 WRITEUP CRITICAL
Webmin < 1.997 - Remote Code Execution via Unescaped UI Command
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS 9.8
CVE-2022-36446 WRITEUP CRITICAL
Webmin < 1.997 - Remote Code Execution via Unescaped UI Command
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS 9.8
By Source
All 144,178 Writeup 62,156 Exploitdb 50,122 Nomisec 22,370 Github 3,576 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 475 Gitee 415 Patchapalooza 312
By Language
text 31,432 python 6,545 ruby 6,001 c 3,624 perl 2,849 html 2,074 php 1,332 bash 462 java 370 c++ 259 javascript 228 shell 131 go 72 postscript 25 typescript 25