Skip to main content
CVE-2022-26293 CRITICAL POC Act Now

Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Project Time Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-23812 CRITICAL POC PATCH MAL Act Now

This affects the package node-ipc from 10.1.1 and before 10.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node Ipc
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-25251 CRITICAL Act Now

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Axeda Agent Axeda Desktop Server
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-25247 CRITICAL Act Now

Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Microsoft Axeda Agent Axeda Desktop Server
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-0982 CRITICAL Act Now

The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Accel Ppp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy