Skip to main content
CVE-2022-34132 CRITICAL POC PATCH Act Now

Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-31887 CRITICAL POC Act Now

Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Marval Msm
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31885 CRITICAL POC THREAT Act Now

Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Marval Msm
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
31.3%
CVE-2022-31106 CRITICAL POC PATCH Act Now

Underscore.deep is a collection of Underscore mixins that operate on nested objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Underscore Deep
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31056 CRITICAL POC Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Glpi
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
8.6%
CVE-2022-31230 CRITICAL Act Now

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-31061 CRITICAL PATCH Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
50.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy