Skip to main content
CVE-2021-44087 CRITICAL POC Act Now

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Attendance And Payroll System
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
4.7%
CVE-2021-44088 CRITICAL POC Act Now

An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Attendance And Payroll System
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-25760 CRITICAL POC Act Now

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Accesslog
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25354 CRITICAL POC PATCH Act Now

The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Set In
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-25352 CRITICAL POC PATCH Act Now

The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Libnested
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-0749 CRITICAL POC Act Now

This affects all versions of package SinGooCMS.Utility. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Singoocms Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-0748 CRITICAL POC Act Now

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Post Loader
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-1000 CRITICAL POC PATCH Act Now

Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Tiny File Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-26501 CRITICAL KEV THREAT Act Now

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Veeam Backup Replication
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-24074 CRITICAL Act Now

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-22273 CRITICAL PATCH Act Now

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware Sma 410 Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy