Skip to main content
CVE-2022-40929 CRITICAL POC Act Now

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Xxl Job
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-40942 CRITICAL POC Act Now

Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Tx3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.1%
CVE-2022-3332 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Food Ordering Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-40083 CRITICAL POC PATCH Act Now

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Redirect Echo
NVD GitHub
CVSS 3.1
9.6
EPSS
2.3%
CVE-2022-28814 CRITICAL Act Now

Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28812 CRITICAL Act Now

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-28811 CRITICAL Act Now

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-22526 CRITICAL Act Now

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-22522 CRITICAL Act Now

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39033 CRITICAL Act Now

Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Smart Evision
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-22524 CRITICAL Act Now

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access,. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.4
EPSS
0.9%
CVE-2022-30935 CRITICAL PATCH Act Now

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass B2Evolution
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy