Skip to main content
CVE-2022-28568 CRITICAL POC Act Now

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Doctor S Appointment System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2022-29347 CRITICAL POC Act Now

An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Web Rchiv
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-20777 CRITICAL POC THREAT Act Now

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Enterprise Nfv Infrastructure Software
NVD GitHub
CVSS 3.1
9.9
EPSS
10.8%
CVE-2022-30284 CRITICAL POC PATCH Act Now

In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Libnmap
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2022-29155 CRITICAL POC THREAT Act Now

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openldap Debian Linux H300s Firmware H500s Firmware +4
NVD
CVSS 3.1
9.8
EPSS
69.9%
CVE-2022-28557 CRITICAL POC THREAT Act Now

There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
22.0%
CVE-2022-28512 CRITICAL POC Act Now

A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fantastic Blog
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28082 CRITICAL POC Act Now

Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.6%
CVE-2022-28111 CRITICAL POC PATCH Act Now

MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pagehelper
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-27431 CRITICAL POC Act Now

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wuzhicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-27420 CRITICAL POC Act Now

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-43163 CRITICAL Act Now

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Reyeeos
NVD VulDB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-30292 CRITICAL PATCH Act Now

Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Squirrel Fedora
NVD GitHub
CVSS 3.1
10.0
EPSS
3.6%
CVE-2022-28055 CRITICAL PATCH Act Now

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Fusionpbx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy