Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-31114 | backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing campaign, in order to trick users or admins into clicking a malicious link, which under very specific circumstances could give them information or possibly admin access. Versions 5.0.13, 4.1.69, and 4 | 5.1 | 0.05% | 2026-06-03 | 2026-06-04 |
| CVE-2022-49042 | An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors. | 7.8 | 0.01% | 2026-06-03 | 2026-06-05 |
| CVE-2022-49036 | An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors. | 7.8 | 0.01% | 2026-06-03 | 2026-06-04 |
| CVE-2022-4992 | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service conditions. Attackers can compromise network communications to modify device settings such as alarm states or alarm limits, or overwhelm the system with excessive network traffic causing the Cockpit or M540 to | 8.8 | 0.04% | 2026-06-02 | 2026-06-04 |
| CVE-2022-4991 | Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges. | 7.4 | 0.02% | 2026-06-01 | 2026-06-02 |
| CVE-2022-41656 | Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2. | 4.3 | 0.07% | 2026-05-27 | 2026-05-27 |
| CVE-2022-34363 | Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp | 6.5 | 0.03% | 2026-05-22 | 2026-05-29 |
| CVE-2022-23826 | A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity. | 1.8 | 0.01% | 2026-05-15 | 2026-05-15 |
| CVE-2022-4988 | Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries. Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The library embeds other images libraries that also have known vulnerabilities. | 7.3 | 0.06% | 2026-05-11 | 2026-05-13 |
| CVE-2022-50970 | WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrary JavaScript in the context of authenticated users. | 5.1 | 0.03% | 2026-05-10 | 2026-05-12 |
| CVE-2022-50969 | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. | 5.1 | 0.04% | 2026-05-10 | 2026-05-12 |
| CVE-2022-50968 | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. | 5.1 | 0.04% | 2026-05-10 | 2026-05-12 |
| CVE-2022-50967 | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. | 5.1 | 0.04% | 2026-05-10 | 2026-05-12 |
| CVE-2022-50966 | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. | 5.1 | 0.04% | 2026-05-10 | 2026-05-12 |
| CVE-2022-50965 | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. | 5.1 | 0.04% | 2026-05-10 | 2026-05-12 |
| CVE-2022-50964 | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. | 5.1 | 0.04% | 2026-05-10 | 2026-05-12 |
| CVE-2022-50963 | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. | 5.1 | 0.04% | 2026-05-10 | 2026-05-12 |
| CVE-2022-50962 | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. | 5.1 | 0.04% | 2026-05-10 | 2026-05-12 |
| CVE-2022-50961 | WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page settings that execute when administrators or other authenticated users visit the plugin settings page. | 5.1 | 0.03% | 2026-05-10 | 2026-05-12 |
| CVE-2022-50960 | WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary JavaScript in administrator browsers. | 5.1 | 0.03% | 2026-05-10 | 2026-05-26 |