Skip to main content
CVE-2022-35143 CRITICAL POC PATCH Act Now

Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Raneto
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-35929 CRITICAL POC PATCH Act Now

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Cosign
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-34993 CRITICAL POC Act Now

Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-34970 CRITICAL POC PATCH Act Now

Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Crow
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-2656 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Multi Language Hotel Management Software
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2651 CRITICAL POC PATCH THREAT Act Now

Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Bookwyrm
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
11.8%
CVE-2022-2648 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Multi Language Hotel Management Software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Multi Language Hotel Management Software
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2644 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Admission System and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Admission System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2643 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Admission System and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Admission System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35927 CRITICAL PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-35728 CRITICAL Act Now

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-31132 CRITICAL Act Now

Nextcloud Mail is an email application for the nextcloud personal cloud product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Nextcloud PHP Mail
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-25168 CRITICAL PATCH Act Now

Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Command Injection RCE Hadoop
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-32965 CRITICAL Act Now

OMICARD EDM has a hard-coded machine key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-32964 CRITICAL Act Now

OMICARD EDM’s API function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2647 CRITICAL Act Now

A vulnerability was found in jeecg-boot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jeecg Boot
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35243 CRITICAL Act Now

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-34865 CRITICAL Act Now

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy