Skip to main content
CVE-2022-0860 CRITICAL POC PATCH Act Now

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Cobbler Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2022-0871 CRITICAL POC PATCH Act Now

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Gogs
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-44620 CRITICAL Act Now

A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection A3100R Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-24754 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pjsip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-25621 CRITICAL Act Now

UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Univerge Wa1020 Firmware Univerge Wa1510 Firmware Univerge Wa1511 Firmware Univerge Wa1512 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-23730 CRITICAL Act Now

The public API error causes for the attacker to be able to bypass API access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webos
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-24433 CRITICAL PATCH Act Now

The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Simple Git
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-23402 CRITICAL Act Now

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Centum Vp Firmware Centum Vp Entry Firmware Exaopc
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-21194 CRITICAL Act Now

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Centum Vp Firmware Centum Vp Entry Firmware Exaopc
NVD
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy