Skip to main content
CVE-2022-37061 CRITICAL POC THREAT Emergency

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Flir Ax8 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.6%
CVE-2022-36729 CRITICAL POC Act Now

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36728 CRITICAL POC Act Now

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36727 CRITICAL POC Act Now

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36725 CRITICAL POC Act Now

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /student/dele.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36722 CRITICAL POC Act Now

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the title parameter at /librarian/history.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35175 CRITICAL POC Act Now

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Barangay Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2876 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-35164 CRITICAL POC Act Now

LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Libredwg
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35154 CRITICAL POC Act Now

Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mall System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35540 CRITICAL PATCH Act Now

Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Agileconfig
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-36947 CRITICAL Act Now

Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Image Viewer
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-30601 CRITICAL Act Now

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel Privilege Escalation Standard Manageability Active Management Technology Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-25899 CRITICAL PATCH Act Now

Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Authentication Bypass Intel Privilege Escalation Open Active Management Technology Cloud Toolkit
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-22730 CRITICAL Act Now

Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intel Privilege Escalation Edge Insights For Industrial
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35976 CRITICAL Act Now

The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Kubernetes Command Injection Gitops Tools
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-35975 CRITICAL Act Now

The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Gitops Tools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-35153 CRITICAL PATCH Act Now

FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection PHP Fusionpbx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-35606 CRITICAL Act Now

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35605 CRITICAL Act Now

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35603 CRITICAL Act Now

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35602 CRITICAL Act Now

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35601 CRITICAL Act Now

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35599 CRITICAL Act Now

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35598 CRITICAL Act Now

A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy