Skip to main content
CVE-2021-42675 CRITICAL POC Act Now

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Kreasfero
NVD VulDB
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-32337 CRITICAL POC Act Now

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-27668 CRITICAL POC Act Now

Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SAP Netweaver As Abap Netweaver As Abap Krnl64nuc Netweaver As Abap Krnl64uc +1
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-32352 CRITICAL POC Act Now

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-32336 CRITICAL POC Act Now

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fast Food Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31311 CRITICAL POC Act Now

An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aerial X 1200M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-31446 CRITICAL POC THREAT Act Now

Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda RCE Command Injection Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
32.8%
CVE-2022-32328 CRITICAL POC Act Now

Fast Food Ordering System v1.0 is vulnerable to Delete any file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Fast Food Ordering System
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-31273 CRITICAL Act Now

An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Topidp3000 Topsec Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-32262 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection File Upload Sinema Remote Connect Server
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-32260 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-32251 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-25651 CRITICAL Act Now

Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8009 Firmware Apq8017 Firmware +50
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-22087 CRITICAL Act Now

memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +152
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-22086 CRITICAL Act Now

Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8009W Firmware Apq8017 Firmware Apq8053 Firmware +137
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-25167 CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Java Apache Flume
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2022-30230 CRITICAL PATCH Act Now

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Sicam Gridedge Essential
NVD
CVSS 4.0
9.3
EPSS
1.0%
CVE-2022-32559 CRITICAL Act Now

An issue was discovered in Couchbase Server before 7.0.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Couchbase Server
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-27889 CRITICAL Act Now

The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Foundry Multipass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy