Skip to main content
CVE-2022-27336 CRITICAL POC THREAT Act Now

Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Seacms
NVD
CVSS 3.1
9.8
EPSS
20.0%
CVE-2022-29859 CRITICAL PATCH Act Now

component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Amb1 Sdk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-27332 CRITICAL PATCH Act Now

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Denial Of Service Authentication Bypass Zammad
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-28464 CRITICAL Act Now

Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Apifox
NVD
CVSS 3.1
9.0
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy