Skip to main content
CVE-2022-29596 CRITICAL POC Act Now

MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Path Traversal Enterprise Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-30450 CRITICAL POC THREAT Act Now

A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Waimairencms
NVD
CVSS 3.1
9.8
EPSS
21.0%
CVE-2022-30449 CRITICAL POC Act Now

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-30448 CRITICAL POC Act Now

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-30063 CRITICAL POC THREAT Act Now

ftcms <=2.1 was discovered to be vulnerable to code execution attacks . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ftcms
NVD
CVSS 3.1
9.8
EPSS
17.5%
CVE-2022-30453 CRITICAL POC THREAT Act Now

ShopWind <= 3.4.2 has a RCE vulnerability in Database.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Shopwind
NVD
CVSS 3.1
9.8
EPSS
15.3%
CVE-2022-30048 CRITICAL POC Act Now

Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30047 CRITICAL POC Act Now

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-29009 CRITICAL POC THREAT Act Now

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cyber Cafe Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
22.6%
CVE-2022-29007 CRITICAL POC THREAT Act Now

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dairy Farm Shop Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
19.5%
CVE-2022-29006 CRITICAL POC THREAT Act Now

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Directory Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
19.5%
CVE-2022-29316 CRITICAL POC Act Now

Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Complete Online Job Search System
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-30592 CRITICAL PATCH Act Now

liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Lsquic
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-29656 CRITICAL Act Now

Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Wedding Management System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-29317 CRITICAL Act Now

Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Simple Bus Ticket Booking System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-29898 CRITICAL Act Now

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rad Ism 900 En Bd Firmware Rad Ism 900 En Bd B Firmware Rad Ism 900 En Bd Bus Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-29897 CRITICAL Act Now

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rad Ism 900 En Bd Firmware Rad Ism 900 En Bd B Firmware Rad Ism 900 En Bd Bus Firmware
NVD
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy