Skip to main content
CVE-2022-29632 CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Roncoo Education
NVD GitHub
CVSS 3.1
9.8
EPSS
16.1%
CVE-2022-30516 CRITICAL POC Act Now

In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-30495 CRITICAL POC Act Now

In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Automotive Shop Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30493 CRITICAL POC Act Now

In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-30500 CRITICAL POC Act Now

Jfinal cms 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30477 CRITICAL POC Act Now

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-30476 CRITICAL POC Act Now

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-30474 CRITICAL POC Act Now

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-30472 CRITICAL POC Act Now

Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-29660 CRITICAL POC THREAT Act Now

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
9.8
EPSS
11.4%
CVE-2022-1899 CRITICAL POC PATCH Act Now

Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Radare2
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-29633 CRITICAL Act Now

An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linglong
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-26776 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Apple macOS
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-26775 CRITICAL Act Now

An integer overflow was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple Mac Os X macOS
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-26723 CRITICAL Act Now

A memory corruption issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Apple macOS
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-26711 CRITICAL Act Now

An integer overflow issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Microsoft Apple Itunes +5
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-26708 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-21831 CRITICAL PATCH Act Now

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Code Injection Active Storage Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-24422 CRITICAL PATCH Act Now

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dell Idrac9
NVD
CVSS 3.1
9.8
EPSS
53.8%
CVE-2022-1664 CRITICAL PATCH Act Now

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Debian Path Traversal Dpkg Debian Linux Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-26694 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-26693 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy