Skip to main content
CVE-2022-42064 CRITICAL POC Act Now

Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Diagnostic Lab Management System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-3504 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sanitization Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-37602 CRITICAL POC Act Now

Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Grunt Karma
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-41436 CRITICAL POC Act Now

An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tp50 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-41477 CRITICAL POC Act Now

A security issue was discovered in WeBid <=1.2.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Webid
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-32177 CRITICAL POC Act Now

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gin Vue Admin
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2022-38418 CRITICAL PATCH Act Now

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Adobe Coldfusion
NVD
CVSS 3.1
9.8
EPSS
80.0%
CVE-2022-35712 CRITICAL PATCH Act Now

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Heap Overflow Adobe Buffer Overflow Coldfusion
NVD
CVSS 3.1
9.8
EPSS
36.8%
CVE-2022-35711 CRITICAL PATCH Act Now

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Heap Overflow Adobe Buffer Overflow Coldfusion
NVD
CVSS 3.1
9.8
EPSS
73.5%
CVE-2022-35710 CRITICAL PATCH Act Now

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Adobe Stack Overflow Buffer Overflow Coldfusion
NVD
CVSS 3.1
9.8
EPSS
42.6%
CVE-2022-35690 CRITICAL PATCH Act Now

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Adobe Stack Overflow Buffer Overflow Coldfusion
NVD
CVSS 3.1
9.8
EPSS
72.2%
CVE-2022-41580 CRITICAL Act Now

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-41578 CRITICAL Act Now

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-38983 CRITICAL Act Now

The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-38982 CRITICAL Act Now

The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-38980 CRITICAL Act Now

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-3439 CRITICAL PATCH Act Now

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-41581 CRITICAL Act Now

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-38986 CRITICAL Act Now

The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy