Skip to main content
CVE-2022-1281 CRITICAL POC PATCH THREAT Act Now

The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Photo Gallery
NVD WPScan
CVSS 3.1
9.8
EPSS
23.5%
CVE-2022-0783 CRITICAL POC Act Now

The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Multiple Shipping Addresses For Woocommerce
NVD WPScan
CVSS 3.1
9.8
EPSS
7.9%
CVE-2022-0773 CRITICAL POC THREAT Act Now

The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Documentor
NVD WPScan
CVSS 3.1
9.8
EPSS
42.8%
CVE-2022-0771 CRITICAL POC Act Now

The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Sitesupercharger
NVD WPScan
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-28573 CRITICAL POC THREAT Act Now

D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823 Pro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
27.5%
CVE-2022-28056 CRITICAL POC PATCH Act Now

ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Shopxo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-27466 CRITICAL POC Act Now

MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-28571 CRITICAL POC Act Now

D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.5%
CVE-2022-1378 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
19.4%
CVE-2022-1377 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1376 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1375 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1374 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1372 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1371 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1370 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1369 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1367 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
20.8%
CVE-2022-1366 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
19.4%
CVE-2022-28054 CRITICAL Act Now

Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Vshell
NVD
CVSS 3.1
9.8
EPSS
29.7%
CVE-2022-27982 CRITICAL Act Now

RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE Rg Nbr2100G E Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-1300 CRITICAL Act Now

Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Trutops Boost Trutops Fab Trutops Monitor
NVD
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy