Skip to main content
CVE-2022-29337 CRITICAL POC THREAT Act Now

C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fd702Xw X R430 Firmware
NVD
CVSS 3.1
9.8
EPSS
35.3%
CVE-2022-29334 CRITICAL POC Act Now

An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-30838 CRITICAL POC Act Now

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30461 CRITICAL POC Act Now

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Water Billing System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30455 CRITICAL POC Act Now

Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Badminton Center Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30454 CRITICAL POC Act Now

Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-29246 CRITICAL Act Now

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Buffer Overflow Threadx Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-29223 CRITICAL Act Now

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Threadx Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy