Skip to main content
CVE-2022-32417 CRITICAL POC THREAT Act Now

PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection Pbootcms
NVD GitHub
CVSS 3.1
9.8
EPSS
33.3%
CVE-2022-32409 CRITICAL POC THREAT Act Now

A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal I3Geo
NVD GitHub
CVSS 3.1
9.8
EPSS
12.6%
CVE-2022-28375 CRITICAL POC Act Now

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-28373 CRITICAL POC Act Now

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lvskihp Indoorunit Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-28369 CRITICAL POC Act Now

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lvskihp Indoorunit Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-30113 CRITICAL Act Now

Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Electronic Mall System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-25801 CRITICAL PATCH Act Now

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Request Tracker For Incident Response
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-25800 CRITICAL PATCH Act Now

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Request Tracker For Incident Response
NVD
CVSS 3.1
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy