Skip to main content
CVE-2021-42627 CRITICAL POC THREAT Emergency

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.4%.

D-Link Information Disclosure Dir 615 Firmware Dir 615 J1 Firmware Dir 615 T1 Firmware +1
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
67.4%
Threat
5.5
CVE-2022-37113 CRITICAL POC THREAT Act Now

Bluecms 1.6 has SQL injection in line 132 of admin/area.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bluecms
NVD GitHub
CVSS 3.1
9.8
EPSS
14.4%
CVE-2022-37112 CRITICAL POC Act Now

BlueCMS 1.6 has SQL injection in line 55 of admin/model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bluecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37111 CRITICAL POC Act Now

BlueCMS 1.6 has SQL injection in line 132 of admin/article.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bluecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37223 CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37199 CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34919 CRITICAL POC Act Now

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Contensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-36261 CRITICAL POC Act Now

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Taocms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-42232 CRITICAL Act Now

TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer A7 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-35115 CRITICAL Act Now

IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Webclient Dc2
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35726 CRITICAL Act Now

Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Video Gallery
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-35733 CRITICAL Act Now

Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Udr Ja1004 Firmware Udr Ja1008 Firmware Udr Ja1016 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy