Skip to main content
CVE-2022-35147 CRITICAL POC Act Now

DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Doracms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-23747 CRITICAL POC THREAT Act Now

In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Xperia 1 Firmware Xperia 5 Firmware Xperia Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
10.0%
CVE-2022-35516 CRITICAL POC Act Now

DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-35121 CRITICAL POC Act Now

Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2870 CRITICAL POC Act Now

A vulnerability was found in laravel 5.1 and classified as problematic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Laravel
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36190 CRITICAL POC Act Now

GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Gpac
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35122 CRITICAL POC Act Now

An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gw1100 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-2336 CRITICAL Act Now

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Edgeaggregator Edgeconnector Opc Opc Ua C Software Development Kit +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-23764 CRITICAL Act Now

The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webcube
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-22455 CRITICAL PATCH Act Now

IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-1400 CRITICAL Act Now

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cmdb
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-1399 CRITICAL Act Now

An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cmdb
NVD
CVSS 3.1
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy