Skip to main content
CVE-2022-39206 CRITICAL POC PATCH Act Now

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Code Injection Onedev
NVD GitHub
CVSS 3.1
9.9
EPSS
1.7%
CVE-2022-35413 CRITICAL POC PATCH THREAT Act Now

WAPPLES through 6.0 has a hardcoded systemi account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Wapples
NVD
CVSS 3.1
9.8
EPSS
12.5%
CVE-2022-38637 CRITICAL POC Act Now

Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2022-39205 CRITICAL POC PATCH Act Now

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Authentication Bypass Onedev
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-38541 CRITICAL POC Act Now

Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38771 CRITICAL Act Now

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mojodat Fixed Asset Management
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38768 CRITICAL Act Now

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mojodat Fixed Asset Management
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39815 CRITICAL Act Now

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Command Injection 1350 Optical Management System
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-20391 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20390 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20389 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20388 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20387 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20386 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20385 CRITICAL Act Now

a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-34722 CRITICAL Act Now

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-34721 CRITICAL Act Now

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
9.8
EPSS
75.7%
CVE-2022-34718 CRITICAL Act Now

Windows TCP/IP Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
9.8
EPSS
48.1%
CVE-2022-38542 CRITICAL Act Now

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38540 CRITICAL Act Now

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38539 CRITICAL Act Now

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38538 CRITICAL Act Now

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38537 CRITICAL Act Now

Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36779 CRITICAL Act Now

PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G /. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection M330 W Firmware M330 W5 Firmware M350 5G Firmware M350 W5G Firmware +5
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-37011 CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Saml
NVD
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy