Skip to main content
CVE-2021-46009 CRITICAL POC THREAT Emergency

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.2%.

Authentication Bypass A3100R Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
15.2%
CVE-2021-46007 CRITICAL POC Act Now

totolink a3100r V5.9c.4577 is vulnerable to os command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ar3100R Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-26645 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-26646 CRITICAL POC Act Now

Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28206 CRITICAL POC PATCH Act Now

An issue was discovered in MediaWiki through 1.37.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28205 CRITICAL POC PATCH Act Now

An issue was discovered in MediaWiki through 1.37.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-23799 CRITICAL PATCH Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-23797 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Joomla
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-23795 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28209 CRITICAL PATCH Act Now

An issue was discovered in Mediawiki through 1.37.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-24693 CRITICAL Act Now

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nova436Q Firmware Neutrino 430 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-25620 CRITICAL Act Now

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sambabox
NVD
CVSS 3.1
9.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy