Skip to main content
CVE-2022-36161 CRITICAL POC Act Now

Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Garage Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34989 CRITICAL POC Act Now

Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fruits Bazar
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-30274 CRITICAL Act Now

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ace1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-30271 CRITICAL Act Now

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ace1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-30270 CRITICAL Act Now

The Motorola ACE1000 RTU through 2022-05-02 has default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ace1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-31207 CRITICAL Act Now

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Sysmac Cs1 Firmware Sysmac Cj2M Firmware Sysmac Cj2H Firmware +4
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-31206 CRITICAL Act Now

The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Nx701 1600 Firmware Nx701 1620 Firmware Nx701 1700 Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-30273 CRITICAL Act Now

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mdlc
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-29958 CRITICAL Act Now

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Pc10G Cpu Tcc 6353 Firmware Pc10Ge Tcc 6464 Firmware Pc10P Tcc 6372 Firmware Pc10P Dp Tcc 6726 Firmware +13
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-29953 CRITICAL Act Now

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bently Nevada 3701 40 Firmware Bently Nevada 3701 44 Firmware Bently Nevada 3701 46 Firmware Bently Nevada 60M100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36412 CRITICAL Act Now

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoho Manageengine Supportcenter Plus
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2022-36129 CRITICAL Act Now

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2022-29952 CRITICAL Act Now

Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bently Nevada 3701 40 Firmware Bently Nevada 3701 44 Firmware Bently Nevada 3701 46 Firmware Bently Nevada 60M100 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-29951 CRITICAL Act Now

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pc10G Cpu Tcc 6353 Firmware Pc10Ge Tcc 6464 Firmware Pc10P Tcc 6372 Firmware Pc10P Dp Tcc 6726 Firmware +13
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy