Skip to main content
CVE-2022-25148 CRITICAL POC PATCH THREAT Act Now

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress Wp Statistics
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
80.9%
CVE-2022-25004 CRITICAL POC Act Now

Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25003 CRITICAL POC Act Now

Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25809 CRITICAL POC Act Now

Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Echo Dot Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-25418 CRITICAL POC Act Now

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25417 CRITICAL POC Act Now

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25414 CRITICAL POC THREAT Act Now

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.4%
CVE-2022-25403 CRITICAL POC Act Now

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25084 CRITICAL POC THREAT Act Now

TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
24.8%
CVE-2022-25083 CRITICAL POC Act Now

TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A860R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25082 CRITICAL POC THREAT Act Now

TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
15.7%
CVE-2022-25081 CRITICAL POC Act Now

TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T10 V2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25080 CRITICAL POC Act Now

TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25079 CRITICAL POC Act Now

TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A810R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25078 CRITICAL POC Act Now

TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25077 CRITICAL POC THREAT Act Now

TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3100R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
32.6%
CVE-2022-25076 CRITICAL POC Act Now

TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A800R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25075 CRITICAL POC THREAT Act Now

TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3000Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
56.2%
CVE-2022-25074 CRITICAL POC THREAT Act Now

TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE TP-Link Buffer Overflow Tl Wr902Ac Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.0%
CVE-2022-25073 CRITICAL POC THREAT Act Now

TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Tl Wr841n Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.0%
CVE-2022-25072 CRITICAL POC THREAT Act Now

TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE TP-Link Buffer Overflow Archer A54 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.0%
CVE-2022-25330 CRITICAL POC PATCH Act Now

Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Trend Micro Serverprotect Serverprotect For Network Appliance Filer +1
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2022-25402 CRITICAL POC Act Now

An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Hospital Management System
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2022-22794 CRITICAL Act Now

Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE SQLi Pineapp Mail Secure
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-25643 CRITICAL Act Now

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Seatd
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-25406 CRITICAL Act Now

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Tongda2000
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-25405 CRITICAL Act Now

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Tongda2000
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-25404 CRITICAL Act Now

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Tongda2000
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-21142 CRITICAL Act Now

Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A Blog Cms
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-25329 CRITICAL PATCH Act Now

Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Trend Micro Serverprotect Serverprotect For Network Appliance Filer Serverprotect For Storage
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-25098 CRITICAL Act Now

ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ectouch
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy