Skip to main content
CVE-2022-32993 CRITICAL POC Act Now

TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A7000r Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36553 CRITICAL POC THREAT Act Now

Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Hwl 2511 Ss Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
90.8%
CVE-2022-32548 CRITICAL POC THREAT Act Now

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vigor3910 Firmware Vigor1000B Firmware Vigor2962 Firmware Vigor2962P Firmware +64
NVD
CVSS 3.1
9.8
EPSS
33.8%
CVE-2022-22897 CRITICAL POC THREAT Act Now

A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ap Pagebuilder
NVD
CVSS 3.1
9.8
EPSS
10.8%
CVE-2022-25921 CRITICAL POC Act Now

All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Morgan Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-25644 CRITICAL POC Act Now

All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Get Process By Name
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21165 CRITICAL POC Act Now

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Font Converter
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-36572 CRITICAL POC THREAT Act Now

Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Enterprise Website System
NVD GitHub
CVSS 3.1
9.8
EPSS
21.1%
CVE-2022-36560 CRITICAL Act Now

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Skybridge Mb A200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36559 CRITICAL Act Now

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Skybridge Mb A200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-36558 CRITICAL Act Now

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Skybridge Mb A100 Firmware Skybridge Mb A110 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36557 CRITICAL Act Now

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Skybridge Mb A100 Firmware Skybridge Mb A110 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36556 CRITICAL Act Now

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Skybridge Mb A100 Firmware Skybridge Mb A110 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-36555 CRITICAL Act Now

Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hwl 2511 Ss Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-36554 CRITICAL Act Now

A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Hwl 2511 Ss Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-34668 CRITICAL POC PATCH Act Now

NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Denial Of Service Nvflare
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
8.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy