Skip to main content
CVE-2022-1768 CRITICAL POC THREAT Emergency

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.1%.

SQLi PHP WordPress Rsvpmaker
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
86.1%
Threat
6.0
CVE-2022-31053 CRITICAL POC PATCH Act Now

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Java Biscuit Auth Biscuit Go +2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-33175 CRITICAL POC Act Now

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Basic Pdu Firmware Pm Pdu Firmware Piml Pdu Firmware Smart Pim Firmware +3
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-0885 CRITICAL POC Act Now

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection WordPress Member Hero
NVD WPScan
CVSS 3.1
9.8
EPSS
9.1%
CVE-2022-0827 CRITICAL POC Act Now

The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Bestbooks
NVD WPScan
CVSS 3.1
9.8
EPSS
9.0%
CVE-2022-0786 CRITICAL POC THREAT Act Now

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Kivicare
NVD WPScan
CVSS 3.1
9.8
EPSS
12.6%
CVE-2022-2067 CRITICAL POC PATCH Act Now

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Rosariosis
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2022-29247 CRITICAL PATCH Act Now

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Electron
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-29797 CRITICAL Act Now

There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Cv81 Wdm Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23168 CRITICAL Act Now

The attacker could get access to the database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mobile Application Gateway
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-23167 CRITICAL Act Now

Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Amodat
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-30311 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-30310 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-30309 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-30308 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-29525 CRITICAL Act Now

Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Casa
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-31760 CRITICAL Act Now

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy