Skip to main content
CVE-2022-30813 CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30810 CRITICAL POC Act Now

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30809 CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30808 CRITICAL POC THREAT Act Now

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
16.1%
CVE-2022-30797 CRITICAL POC Act Now

Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30521 CRITICAL POC THREAT Act Now

The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE D-Link Buffer Overflow Dir 890L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.6%
CVE-2022-30512 CRITICAL POC Act Now

School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Dormitory Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
9.6%
CVE-2022-30511 CRITICAL POC Act Now

School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Dormitory Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-30510 CRITICAL POC Act Now

School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Dormitory Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-30506 CRITICAL POC Act Now

An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mcms
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-30481 CRITICAL POC Act Now

Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Food Order And Table Reservation System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30478 CRITICAL POC Act Now

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ecommerce Project With Php And Mysqli Fruits Bazar
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30423 CRITICAL POC Act Now

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-30352 CRITICAL POC Act Now

phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Phpabook
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-29777 CRITICAL POC PATCH Act Now

Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Core Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
6.9%
CVE-2022-29776 CRITICAL POC PATCH Act Now

Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Core Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
6.9%
CVE-2022-29730 CRITICAL POC Act Now

USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Usr G808 Firmware Usr G807 Firmware Usr G806 Firmware Usr G800V2 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29659 CRITICAL POC Act Now

Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Responsive Online Blog
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-25237 CRITICAL POC THREAT Act Now

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Bonita Web
NVD GitHub
CVSS 3.1
9.8
EPSS
56.2%
CVE-2022-24702 CRITICAL POC Act Now

An issue was discovered in WinAPRS 2.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Winaprs
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2022-31945 CRITICAL POC Act Now

Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=delete_img. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Rescue Dispatch Management System
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-24239 CRITICAL Act Now

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-24240 CRITICAL Act Now

ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Aceweb Online Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30235 CRITICAL Act Now

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-30234 CRITICAL Act Now

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29084 CRITICAL Act Now

Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-26869 CRITICAL Act Now

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dell Information Disclosure Powerstoreos
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-25163 CRITICAL Act Now

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Melsec Iq R Rd81Mes96N Firmware Melsec Qj71E71 100 Firmware Melsec Lj71E71 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-32002 CRITICAL Act Now

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Badminton Center Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-31799 CRITICAL PATCH Act Now

Bottle before 0.12.20 mishandles errors during early request binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bottle Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-30470 CRITICAL Act Now

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Filerun
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-30324 CRITICAL PATCH Act Now

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp Nomad
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-29712 CRITICAL PATCH Act Now

LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Librenms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-28605 CRITICAL Act Now

Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sound Bar
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-1660 CRITICAL Act Now

The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE N6854A Firmware N6841A Rf Firmware
NVD
CVSS 3.1
9.8
EPSS
16.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy