Skip to main content
CVE-2022-26171 CRITICAL POC Act Now

Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bank Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-26170 CRITICAL POC Act Now

Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Mobile Comparison Website
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-26169 CRITICAL POC Act Now

Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Air Cargo Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-25399 CRITICAL POC Act Now

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Real Estate Portal System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25398 CRITICAL POC Act Now

Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Auto Spare Parts Management
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25396 CRITICAL POC Act Now

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25394 CRITICAL POC Act Now

Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Medical Store Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-25045 CRITICAL POC Act Now

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Home Owners Collection Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-23878 CRITICAL POC Act Now

seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Seacms
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-25016 CRITICAL POC Act Now

Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Home Owners Collection Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-25395 CRITICAL POC Act Now

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2022-0675 CRITICAL Act Now

In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Firewall
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-23640 CRITICAL PATCH Act Now

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Apache XXE Excel Streaming Reader
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-24306 CRITICAL Act Now

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Zoho Manageengine Sharepoint Manager Plus
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-24305 CRITICAL Act Now

Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Microsoft Information Disclosure Manageengine Sharepoint Manager Plus
NVD
CVSS 3.1
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy