Skip to main content
CVE-2022-28219 CRITICAL POC PATCH THREAT Act Now

Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho RCE XXE Manageengine Adaudit Plus
NVD
CVSS 3.1
9.8
EPSS
97.0%
CVE-2022-28468 CRITICAL POC Act Now

Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Payroll Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-28467 CRITICAL POC Act Now

Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Student Admission
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28116 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28115 CRITICAL POC Act Now

Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Sports Complex Booking
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-27304 CRITICAL POC Act Now

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Student Grading System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27124 CRITICAL POC Act Now

Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Insurance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27123 CRITICAL POC Act Now

Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Employee Performance Evaluation
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-26628 CRITICAL POC Act Now

Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Matrimony
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-26635 CRITICAL POC THREAT Act Now

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Memcached
NVD GitHub
CVSS 3.1
9.8
EPSS
21.4%
CVE-2022-1212 CRITICAL POC PATCH Act Now

Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Mruby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-24231 CRITICAL POC Act Now

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Student Information System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-26585 CRITICAL POC Act Now

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2022-0790 CRITICAL Act Now

Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Use After Free Denial Of Service Chrome
NVD
CVSS 3.1
9.6
EPSS
0.9%
CVE-2022-0466 CRITICAL PATCH Act Now

Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Chrome
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2022-0452 CRITICAL Act Now

Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Use After Free Denial Of Service Chrome
NVD
CVSS 3.1
9.6
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy