Skip to main content
CVE-2022-40030 CRITICAL POC Act Now

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Task Managing System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38619 CRITICAL POC Act Now

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smartvista Front End
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41220 CRITICAL POC Act Now

md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Md2Roff
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28802 CRITICAL Act Now

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Privilege Escalation Code By Zapier
NVD
CVSS 3.1
9.9
EPSS
1.0%
CVE-2022-41238 CRITICAL Act Now

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Dotci
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41237 CRITICAL Act Now

Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins Dotci
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-41226 CRITICAL PATCH Act Now

Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Compuware Common Configuration
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37026 CRITICAL PATCH Act Now

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Erlang Otp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-0495 CRITICAL Act Now

The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Koha Library Automation
NVD
CVSS 3.1
9.4
EPSS
0.4%
CVE-2022-2315 CRITICAL Act Now

Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Accreditation Tracking Presentation Module
NVD
CVSS 3.1
9.4
EPSS
0.3%
CVE-2022-41241 CRITICAL Act Now

Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Rqm
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-30578 CRITICAL Act Now

The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ebx Add Ons
NVD
CVSS 3.1
9.0
EPSS
0.8%
CVE-2022-30577 CRITICAL Act Now

The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ebx
NVD
CVSS 3.1
9.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy