Skip to main content
CVE-2022-0992 CRITICAL POC Act Now

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Security Optimizer
NVD VulDB
CVSS 3.1
9.8
EPSS
4.4%
CVE-2022-25648 CRITICAL POC PATCH Act Now

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2022-27927 CRITICAL POC THREAT Act Now

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microfinance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
13.8%
CVE-2022-21431 CRITICAL Act Now

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Communications Billing And Revenue Management
NVD
CVSS 3.1
10.0
EPSS
2.1%
CVE-2022-27862 CRITICAL Act Now

Arbitrary File Upload leading to RCE in E4J s.r.l. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress File Upload Vikbooking Hotel Booking Engine Property Management System Plugin
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-21445 CRITICAL KEV THREAT Act Now

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Oracle Application Development Framework
NVD
CVSS 3.1
9.8
EPSS
62.5%
CVE-2022-21420 CRITICAL Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-27104 CRITICAL Act Now

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Formalms
NVD
CVSS 3.1
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy