Skip to main content
CVE-2022-35925 CRITICAL POC PATCH Act Now

BookWyrm is a social network for tracking reading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Authentication Bypass Bookwyrm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-34613 CRITICAL POC Act Now

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mealie
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-35422 CRITICAL POC Act Now

Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Web Based Quiz System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34956 CRITICAL POC Act Now

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pligg Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34955 CRITICAL POC Act Now

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pligg Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34954 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34953 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34952 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34951 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34950 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34949 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34948 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34947 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34946 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34945 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-30285 CRITICAL Act Now

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kace Systems Management Appliance
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-29807 CRITICAL Act Now

A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP SQLi Kace Systems Management Appliance
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-35223 CRITICAL Act Now

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Mailhunter Ultimate
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-35924 CRITICAL PATCH Act Now

NextAuth.js is a complete open source authentication solution for Next.js applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Auth
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy