Skip to main content
CVE-2022-31874 CRITICAL POC THREAT Act Now

ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rt N53 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.1%
CVE-2022-31941 CRITICAL POC Act Now

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rescue Dispatch Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-29496 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Blynk Library
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-21806 CRITICAL POC Act Now

A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Eufy Homebase 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-30422 CRITICAL POC Act Now

Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Planet Time Enterprise
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-31357 CRITICAL POC Act Now

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31356 CRITICAL POC Act Now

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31355 CRITICAL POC Act Now

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-45024 CRITICAL Act Now

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Ags Zena
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-22485 CRITICAL PATCH Act Now

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Spectrum Protect Operations Center
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-31784 CRITICAL Act Now

A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Mivoice Business Mivoice Business Express
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31296 CRITICAL Act Now

Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Discussion Forum
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy