Skip to main content
CVE-2022-24706 CRITICAL POC KEV PATCH THREAT Act Now

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Information Disclosure Couchdb
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
92.5%
CVE-2022-29806 CRITICAL POC PATCH THREAT Act Now

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Zoneminder
NVD GitHub
CVSS 3.1
9.8
EPSS
67.1%
CVE-2022-27985 CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cuppacms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2022-27984 CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft PHP Cuppacms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2022-28521 CRITICAL POC Act Now

ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-24881 CRITICAL POC PATCH Act Now

Ballcat Codegen provides the function of online editing code to generate templates. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Codegen
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-27469 CRITICAL POC Act Now

Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Monsta Ftp
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-27468 CRITICAL POC Act Now

Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Monsta Ftp
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-27299 CRITICAL POC Act Now

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-28524 CRITICAL Act Now

ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Ed01 Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-24883 CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-29499 CRITICAL KEV THREAT Act Now

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mivoice Connect
NVD
CVSS 3.1
9.8
EPSS
56.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy