Skip to main content
CVE-2022-25089 CRITICAL POC THREAT Emergency

Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Privilege Escalation Printix
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
18.6%
Threat
4.0
CVE-2022-22947 CRITICAL POC KEV PATCH THREAT Act Now

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Spring Cloud Gateway Commerce Guided Search +8
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
98.3%
CVE-2022-0265 CRITICAL POC PATCH Act Now

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Hazelcast
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-24724 CRITICAL POC Act Now

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Cmark Gfm Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-25125 CRITICAL POC Act Now

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2022-23899 CRITICAL POC Act Now

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-23898 CRITICAL POC Act Now

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD GitHub
CVSS 3.1
9.8
EPSS
7.7%
CVE-2022-0841 CRITICAL POC PATCH Act Now

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Node.js Npm Lockfile
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-0730 CRITICAL Act Now

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cacti Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy