Skip to main content
CVE-2022-30525 CRITICAL POC KEV THREAT Emergency

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zyxel Usg Flex 100W Firmware Usg Flex 200 Firmware Usg Flex 500 Firmware +13
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2022-29363 CRITICAL POC Act Now

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Phpok
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-30001 CRITICAL POC Act Now

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Insurance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30000 CRITICAL POC Act Now

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Insurance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29999 CRITICAL POC Act Now

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Insurance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29998 CRITICAL POC Act Now

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Insurance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29746 CRITICAL POC Act Now

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Money Transfer Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29745 CRITICAL POC Act Now

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Money Transfer Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29741 CRITICAL POC Act Now

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Money Transfer Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29739 CRITICAL POC Act Now

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Money Transfer Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29738 CRITICAL POC Act Now

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Money Transfer Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29307 CRITICAL POC THREAT Act Now

IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection Command Injection Ionize
NVD GitHub
CVSS 3.1
9.8
EPSS
17.8%
CVE-2022-29306 CRITICAL POC Act Now

IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ionize
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29303 CRITICAL POC KEV THREAT Act Now

SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Sv Cpt Mc310 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
98.0%
CVE-2022-29995 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29994 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29993 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29992 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29990 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29989 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29988 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29987 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29986 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29985 CRITICAL POC Act Now

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29984 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29983 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29982 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29981 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29980 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29979 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29751 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29750 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29749 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29748 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29747 CRITICAL POC Act Now

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-1650 CRITICAL POC PATCH Act Now

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Eventsource Debian Linux
NVD GitHub
CVSS 3.1
9.3
EPSS
1.8%
CVE-2022-27172 HIGH POC This Week

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-26782 HIGH POC This Week

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2022-26781 HIGH POC This Week

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-26780 HIGH POC This Week

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2022-26518 HIGH POC This Week

An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2022-26420 HIGH POC This Week

An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.8%
CVE-2022-26085 HIGH POC THREAT This Week

An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
12.5%
CVE-2022-26075 HIGH POC This Week

An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.8%
CVE-2022-26042 HIGH POC This Week

An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2022-25995 HIGH POC This Week

A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-21182 HIGH POC This Week

A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Inrouter302 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-21809 HIGH POC This Week

A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Inrouter302 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-30594 HIGH POC PATCH This Week

The Linux kernel before 5.17.2 mishandles seccomp permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel Debian Linux Solidfire Enterprise Sds Hci Storage Node +10
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-29298 HIGH POC THREAT This Week

SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sv Cpt Mc310 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
45.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy