Skip to main content
CVE-2022-2847 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Guest Management System.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Guest Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36599 CRITICAL POC Act Now

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36273 CRITICAL POC Act Now

Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-36272 CRITICAL POC Act Now

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-37437 CRITICAL Act Now

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Splunk
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-34256 CRITICAL PATCH Act Now

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Privilege Escalation Commerce Magento
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-2662 CRITICAL Act Now

Sequi PortBloque S has a improper authentication issues which may allow an attacker to bypass the authentication process and gain user-level access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Portbloque S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36242 CRITICAL Act Now

Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Clinic S Patient Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-30264 CRITICAL Act Now

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dl8000 Firmware Roc809 Firmware Roc800L Firmware Fb3000 Rtu Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-36344 CRITICAL Act Now

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Atok Medical 2 Atok Medical 3 Atok Pro 3 +57
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-38193 CRITICAL Act Now

There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Portal For Arcgis
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2022-36308 CRITICAL Act Now

Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Airvelocity 1500 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy