Skip to main content
CVE-2022-20828 HIGH POC THREAT Act Now

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Asa Firepower
NVD
CVSS 3.1
7.2
EPSS
48.3%
CVE-2022-34066 CRITICAL POC PATCH Act Now

The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Texercise
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-34065 CRITICAL POC Act Now

The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Rondolu Yt Concate
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-34061 CRITICAL POC PATCH Act Now

The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Catly Translate
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-34060 CRITICAL POC Act Now

The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Togglee
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-34059 CRITICAL POC Act Now

The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Sixfab Tool
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-34056 CRITICAL POC Act Now

The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Watertools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-34055 CRITICAL POC Act Now

The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Drxhello
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-34054 CRITICAL POC PATCH Act Now

The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Perdido
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-34053 CRITICAL POC Act Now

The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Dr Web Engine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-33004 CRITICAL POC PATCH Act Now

The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Beginner
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-33003 CRITICAL POC Act Now

The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Watools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-33002 CRITICAL POC Act Now

The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Explore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-33001 CRITICAL POC Act Now

The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Aamiles
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-33000 CRITICAL POC PATCH Act Now

The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ml Scanner
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32999 CRITICAL POC Act Now

The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cloudlabeling
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32998 CRITICAL POC PATCH Act Now

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cryptoasset Data Downloader
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32997 CRITICAL POC PATCH Act Now

The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Rootinteractive
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32996 CRITICAL POC PATCH Act Now

The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Django Navbar Client
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-30885 CRITICAL POC PATCH Act Now

The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Pyesasky
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-21231 CRITICAL POC Act Now

All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Deep Get Set
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-32405 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32404 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32403 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_record.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32402 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/manage_prison.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32401 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32399 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32398 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32397 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32396 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32395 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32394 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32393 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32392 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32391 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-33121 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Minicms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-20829 HIGH POC This Week

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cisco Isa 3000 Firmware Asa 5585 X Firmware Asa 5512 X Firmware +2
NVD GitHub
CVSS 3.1
7.2
EPSS
3.2%
CVE-2022-32400 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-32209 MEDIUM POC PATCH THREAT This Month

XSS Rails Html Sanitizers Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
29.3%
CVE-2022-34064 CRITICAL Act Now

The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zibal
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-34057 CRITICAL Act Now

The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Scoptrial
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-31767 CRITICAL Act Now

IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Command Injection Cics Tx
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2022-2120 CRITICAL Act Now

OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Dcmtk
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-2119 CRITICAL Act Now

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Dcmtk
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-2104 CRITICAL Act Now

The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apache Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28620 CRITICAL Act Now

A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Slingshot Firmware Cray Ex Supercomputers Firmware Cray Sh Supercomputer Air Cooled Base System Code Firmware Cray Sh Supercomputer Liquid Cooled Base System Code Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-23170 CRITICAL Act Now

SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Okta Sso
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-21829 CRITICAL PATCH Act Now

Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concrete Cms
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-1668 CRITICAL Act Now

Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-1519 CRITICAL Act Now

LRM does not restrict the types of files that can be uploaded to the affected product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Local Run Manager
NVD
CVSS 3.1
9.8
EPSS
1.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy