Skip to main content
CVE-2022-38297 CRITICAL POC Act Now

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-38296 CRITICAL POC Act Now

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-38292 CRITICAL POC Act Now

SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Senayan Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37860 CRITICAL POC PATCH THREAT Act Now

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

TP-Link Command Injection M7350 Firmware
NVD
CVSS 3.1
9.8
EPSS
80.0%
CVE-2022-37767 CRITICAL POC Act Now

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Java Pebble Templates
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37794 CRITICAL POC Act Now

In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-1700 CRITICAL Act Now

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cloud Security Gateway Data Loss Prevention Email Security One Endpoint With Policy Engine +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-37300 CRITICAL PATCH Act Now

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware +32
NVD
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy