Skip to main content
CVE-2022-41352 CRITICAL POC KEV PATCH THREAT Act Now

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Ubuntu Red Hat Path Traversal Zimbra Collaboration Suite
NVD
CVSS 3.1
9.8
EPSS
95.5%
CVE-2022-40050 CRITICAL POC Act Now

ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zfile
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-30004 CRITICAL POC Act Now

Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Market Place Site
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-40485 CRITICAL POC Act Now

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Planner
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40484 CRITICAL POC Act Now

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Planner
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40483 CRITICAL POC Act Now

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Planner
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-39243 CRITICAL POC PATCH Act Now

NuProcess is an external process execution implementation for Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Nuprocess
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21797 CRITICAL POC PATCH Act Now

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Joblib Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-28722 CRITICAL Act Now

Certain HP Print Products are potentially vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow P4C78A Firmware P4C85A Firmware T3P03A Firmware +96
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28721 CRITICAL Act Now

Certain HP Print Products are potentially vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP RCE M2U86A Firmware M2U86B Firmware M2U86C Firmware +297
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-3075 CRITICAL KEV THREAT Act Now

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
9.6
EPSS
5.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy