Skip to main content
CVE-2022-28093 CRITICAL POC Act Now

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Online Sports Complex Booking System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-23457 CRITICAL POC PATCH Act Now

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Enterprise Security Api Weblogic Server Active Iq Unified Manager Oncommand Workflow Automation
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-25866 CRITICAL POC PATCH Act Now

The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Command Injection Git Php
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-1391 CRITICAL POC THREAT Act Now

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Cab Fare Calculator
NVD WPScan
CVSS 3.1
9.8
EPSS
13.8%
CVE-2022-1390 CRITICAL POC THREAT Act Now

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Deserialization Path Traversal Admin Word Count Column
NVD WPScan
CVSS 3.1
9.8
EPSS
21.9%
CVE-2022-0782 CRITICAL POC Act Now

The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Donations
NVD WPScan
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-0769 CRITICAL POC Act Now

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Users Ultra
NVD WPScan
CVSS 3.1
9.8
EPSS
8.5%
CVE-2022-0693 CRITICAL POC Act Now

The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Master Elements
NVD WPScan
CVSS 3.1
9.8
EPSS
7.1%
CVE-2022-0657 CRITICAL POC Act Now

The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress 5 Stars Rating Funnel
NVD WPScan
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-0541 CRITICAL POC Act Now

The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass WordPress Flo Launch
NVD WPScan
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29078 CRITICAL POC PATCH THREAT Act Now

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Command Injection Node.js Ejs
NVD GitHub
CVSS 3.1
9.8
EPSS
32.8%
CVE-2022-27429 CRITICAL POC Act Now

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Jizhicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27311 CRITICAL PATCH Act Now

Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Gibbon
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-29264 CRITICAL PATCH Act Now

An issue was discovered in coreboot 4.13 through 4.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Coreboot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29077 CRITICAL PATCH Act Now

A heap-based buffer overflow exists in rippled before 1.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Rippled
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy