Skip to main content
CVE-2022-2128 CRITICAL POC PATCH Act Now

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Trudesk
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-31795 CRITICAL POC Act Now

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eternus Cs8000 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-31794 CRITICAL POC Act Now

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eternus Cs8000 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-1905 CRITICAL POC THREAT Act Now

The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Events Made Easy
NVD WPScan
CVSS 3.1
9.8
EPSS
37.4%
CVE-2022-2023 CRITICAL POC PATCH Act Now

Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Trudesk
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-22318 CRITICAL PATCH Act Now

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-22317 CRITICAL PATCH Act Now

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.1
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy