Skip to main content
CVE-2022-22954 CRITICAL POC KEV THREAT Emergency

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

VMware RCE Code Injection Identity Manager Vrealize Automation +3
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-37291 CRITICAL POC Act Now

An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi 4St L Bems
NVD VulDB
CVSS 3.1
9.8
EPSS
8.1%
CVE-2022-27115 CRITICAL POC PATCH THREAT Act Now

In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Elfinder
NVD GitHub
CVSS 3.1
9.8
EPSS
28.6%
CVE-2022-0949 CRITICAL POC Act Now

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Block And Stop Bad Bots
NVD WPScan
CVSS 3.1
9.8
EPSS
7.9%
CVE-2022-1295 CRITICAL POC PATCH Act Now

Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Fullpage
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-1297 CRITICAL POC PATCH Act Now

Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Radare2
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-1296 CRITICAL POC PATCH Act Now

Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Radare2
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-1252 CRITICAL POC Act Now

Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gnuboard
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-24838 CRITICAL PATCH Act Now

Nextcloud Calendar is a calendar application for the nextcloud framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Nextcloud Calendar
NVD GitHub
CVSS 3.1
9.8
EPSS
32.3%
CVE-2022-27572 CRITICAL Act Now

Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27571 CRITICAL Act Now

Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27570 CRITICAL Act Now

Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27569 CRITICAL Act Now

Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27568 CRITICAL Act Now

Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27567 CRITICAL Act Now

Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-26098 CRITICAL Act Now

Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-26097 CRITICAL Act Now

Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-26096 CRITICAL Act Now

Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-26095 CRITICAL Act Now

Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-26094 CRITICAL Act Now

Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-26093 CRITICAL Act Now

Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-24829 CRITICAL PATCH Act Now

Garden is an automation platform for Kubernetes development and testing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Kubernetes Garden
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-22258 CRITICAL Act Now

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-1161 CRITICAL Act Now

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Compactlogix 1768 L43 Firmware Compactlogix 1768 L45 Firmware Compactlogix 1769 L31 Firmware Compactlogix 1769 L32C Firmware +20
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2022-27577 CRITICAL Act Now

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Msc800 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-26099 CRITICAL Act Now

Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference Android
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy