Skip to main content
CVE-2022-2298 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Clinic S Patient Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-34819 CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Simatic Cp 1242 7 V2 Firmware Simatic Cp 1243 1 Firmware Simatic Cp 1243 7 Lte Eu Firmware +12
NVD
CVSS 3.1
10.0
EPSS
1.9%
CVE-2022-35628 CRITICAL PATCH Act Now

A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Living User Experience
NVD
CVSS 3.1
9.8
EPSS
26.3%
CVE-2022-29601 CRITICAL PATCH Act Now

The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Seminars
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-29600 CRITICAL PATCH Act Now

The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Oelib
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-22997 CRITICAL Act Now

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection My Cloud Home Duo Firmware My Cloud Home Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31105 CRITICAL PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
9.6
EPSS
0.8%
CVE-2022-26649 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X204 2 Firmware Scalance X204 2Fm Firmware Scalance X204 2Ld Firmware +26
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2022-34737 CRITICAL Act Now

The application security module has a vulnerability in permission assignment. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy