Skip to main content
CVE-2022-33106 CRITICAL POC Act Now

WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure U250 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37601 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Loader Utils Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-41403 CRITICAL POC Act Now

OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Newsletter Subscribe Popup Regular Module
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-40871 CRITICAL POC THREAT Act Now

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
9.8
EPSS
33.4%
CVE-2022-37614 CRITICAL POC Act Now

Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Mockery
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-3465 CRITICAL POC Act Now

A vulnerability classified as critical was found in Mediabridge Medialink. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mlwr Ac1200R Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39298 CRITICAL PATCH Act Now

MelisFront is the engine that displays website hosted on Melis Platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Meliscms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39297 CRITICAL PATCH Act Now

MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Meliscms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-31228 CRITICAL PATCH Act Now

Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dell Xtremio Management Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3467 CRITICAL Act Now

A vulnerability classified as critical was found in Jiusi OA. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Jiusi Oa
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-40664 CRITICAL PATCH Act Now

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Shiro
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-3458 CRITICAL Act Now

A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Human Resource Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-37611 CRITICAL PATCH Act Now

Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Gh Pages
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-41408 CRITICAL Act Now

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Pet Shop We App
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-42711 CRITICAL Act Now

In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Whatsup Gold
NVD
CVSS 3.1
9.6
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy