Skip to main content
CVE-2022-26143 CRITICAL POC KEV THREAT Act Now

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Micollab Mivoice Business Express
NVD
CVSS 3.1
9.8
EPSS
87.6%
CVE-2022-24995 CRITICAL POC THREAT Act Now

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.6%
CVE-2022-24652 CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Sentcms
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-24651 CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Sentcms
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-24609 CRITICAL POC Act Now

Luocms v2.0 is affected by an incorrect access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-24607 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24606 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24605 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24604 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24603 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24602 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24600 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection through /admin/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-24193 CRITICAL POC PATCH Act Now

CasaOS before v0.2.7 was discovered to contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Casaos
NVD GitHub
CVSS 3.1
9.8
EPSS
6.0%
CVE-2022-0895 CRITICAL POC PATCH Act Now

Static Code Injection in GitHub repository microweber/microweber prior to 1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Microweber
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-26520 CRITICAL PATCH Act Now

In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Information Disclosure Postgresql Jdbc Driver Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-26131 CRITICAL Act Now

Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plc4Trucks Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-26100 CRITICAL Act Now

SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sapcar
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-25818 CRITICAL Act Now

Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-22814 CRITICAL Act Now

The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Myasus
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-23383 CRITICAL Act Now

YzmCMS v6.3 is affected by broken access control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yzmcms
NVD VulDB
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-25922 CRITICAL Act Now

Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Plc4Trucks Firmware
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-22795 CRITICAL Act Now

Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XXE Manager Agents
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy