Skip to main content
CVE-2022-34531 CRITICAL POC THREAT Act Now

DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
22.5%
CVE-2022-34496 CRITICAL POC Act Now

Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Hiby R3 Pro Firmware Hiby R3 Pro Saber Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2578 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Garage Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-22280 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sonicwall SQLi Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
9.3%
CVE-2022-1799 CRITICAL Act Now

Incorrect signature trust exists within Google Play services SDK play-services-basement. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Google Play Services Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-1277 CRITICAL Act Now

Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Solar Log
NVD VulDB
CVSS 3.1
9.4
EPSS
0.3%
CVE-2022-35643 CRITICAL PATCH Act Now

IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Powervm Virtual I O Server
NVD
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy