Skip to main content
CVE-2022-3218 CRITICAL POC PATCH THREAT Act Now

Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Wifi Mouse Server
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
73.5%
CVE-2022-35914 CRITICAL POC KEV PATCH THREAT Act Now

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection PHP Glpi
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.6%
CVE-2022-38509 CRITICAL POC Act Now

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Planner
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40432 CRITICAL POC Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Strings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40431 CRITICAL POC Act Now

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40430 CRITICAL POC Act Now

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40429 CRITICAL POC Act Now

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Ip Addresses
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40428 CRITICAL POC Act Now

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Mpeg
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40426 CRITICAL POC Act Now

The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Asns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40425 CRITICAL POC Act Now

The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Html
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38887 CRITICAL POC Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38886 CRITICAL POC Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38885 CRITICAL POC Act Now

The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Netstrings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38884 CRITICAL POC Act Now

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Grammars
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38883 CRITICAL POC Act Now

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Math
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38882 CRITICAL POC Act Now

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38881 CRITICAL POC Act Now

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-37203 CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40811 CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40808 CRITICAL POC Act Now

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Dates
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40807 CRITICAL POC Act Now

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Domains
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40806 CRITICAL POC Act Now

The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Uuids
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40805 CRITICAL POC Act Now

The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40427 CRITICAL POC Act Now

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Domains
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40424 CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38880 CRITICAL POC Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Democritus Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2840 CRITICAL POC Act Now

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Zephyr Project Manager
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
9.7%
CVE-2022-2754 CRITICAL POC THREAT Act Now

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Ketchup Restaurant Reservations
NVD WPScan
CVSS 3.1
9.8
EPSS
37.7%
CVE-2022-38545 CRITICAL POC PATCH THREAT Act Now

Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Valine
NVD GitHub
CVSS 3.1
9.6
EPSS
32.9%
CVE-2022-37032 CRITICAL POC PATCH Act Now

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Frrouting Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2022-28321 CRITICAL PATCH Act Now

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Linux Pam
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-0143 CRITICAL PATCH Act Now

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ldap Connector
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-23768 CRITICAL Act Now

This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nis Hap11Ac Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23767 CRITICAL Act Now

This vulnerability of SecureGate is SQL-Injection using login without password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Securegate Weblink
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40144 CRITICAL PATCH Act Now

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Trend Micro Apex One
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-40812 CRITICAL Act Now

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Pdfs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40810 CRITICAL Act Now

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Ip Addresses
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40809 CRITICAL Act Now

The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Dicts
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40980 CRITICAL Act Now

A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Mobile Security
NVD
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy