Skip to main content
CVE-2022-36578 CRITICAL POC Act Now

jizhicms v2.3.1 has SQL injection in the background. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jizhicms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36606 CRITICAL POC Act Now

Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ywoa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36605 CRITICAL POC Act Now

Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ywoa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-29805 CRITICAL POC THREAT Act Now

A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Java Fishbowl
NVD
CVSS 3.1
9.8
EPSS
27.4%
CVE-2022-35201 CRITICAL Act Now

Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tenda Ac18 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-37175 CRITICAL Act Now

Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-23459 CRITICAL Act Now

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Json
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34615 CRITICAL Act Now

Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force Mealie
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-36220 CRITICAL Act Now

Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Safe Exam Browser
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-22489 CRITICAL PATCH Act Now

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Mq
NVD
CVSS 3.1
9.1
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy