Skip to main content
CVE-2022-38308 CRITICAL POC THREAT Act Now

TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
20.3%
CVE-2022-37661 CRITICAL POC THREAT Act Now

SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Sr510N Firmware Sr506N Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
36.2%
CVE-2022-37138 CRITICAL POC Act Now

Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Loan Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-36669 CRITICAL POC Act Now

Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Hospital Information System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-36436 CRITICAL POC PATCH Act Now

OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Twisted Vnc Authentication Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-2900 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Parse Url
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-35947 CRITICAL PATCH Act Now

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-34831 CRITICAL Act Now

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy