Skip to main content
CVE-2022-1775 CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Brute Force Information Disclosure Trudesk
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-22972 CRITICAL POC THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access +2
NVD
CVSS 3.1
9.8
EPSS
52.8%
CVE-2022-28995 CRITICAL POC Act Now

Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Rengine
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-28531 CRITICAL POC THREAT Act Now

Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid 19 Directory On Vaccination System
NVD
CVSS 3.1
9.8
EPSS
14.2%
CVE-2022-30887 CRITICAL POC THREAT Act Now

Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
24.8%
CVE-2022-30886 CRITICAL POC Act Now

School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Dormitory Management System
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-30518 CRITICAL POC Act Now

ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Chatbot Application With A Suggestion Feature
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29023 CRITICAL POC PATCH Act Now

A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Openrazer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-29022 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Openrazer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-29021 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Openrazer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-28993 CRITICAL POC Act Now

Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Multi Store Inventory Management System
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-28106 CRITICAL POC Act Now

Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Online Sports Complex Booking System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28105 CRITICAL POC Act Now

Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28104 CRITICAL POC Act Now

Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pdf Editor
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-26633 CRITICAL POC Act Now

Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Quarterly Result Grade System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-26632 CRITICAL POC Act Now

Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Multi Vendor Online Groceries Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29165 CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
10.0
EPSS
1.9%
CVE-2022-29186 CRITICAL PATCH Act Now

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Docker Rundeck
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28618 CRITICAL Act Now

A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Nimbleos
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-28660 CRITICAL Act Now

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Grafana
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29873 CRITICAL PATCH Act Now

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware +33
NVD
CVSS 4.0
9.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy