Skip to main content
CVE-2022-21587 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
9.8
EPSS
98.3%
CVE-2022-40684 CRITICAL POC KEV THREAT Emergency

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Fortinet Authentication Bypass Fortiproxy Fortiswitchmanager Fortios
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2022-43260 CRITICAL POC Act Now

Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41544 CRITICAL POC Act Now

GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Getsimple Cms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
9.4%
CVE-2022-40889 CRITICAL POC Act Now

Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Phpok
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-3583 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Canteen Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3579 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Cashier Queuing System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cashier Queuing System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-39428 CRITICAL PATCH Act Now

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Web Applications Desktop Integrator
NVD
CVSS 3.1
9.8
EPSS
36.5%
CVE-2022-39198 CRITICAL PATCH Act Now

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization RCE Dubbo
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-33874 CRITICAL Act Now

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortitester
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-33873 CRITICAL Act Now

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortitester
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-33872 CRITICAL Act Now

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortitester
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-35846 CRITICAL Act Now

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortitester
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-39056 CRITICAL Act Now

RAVA certificate validation system has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rava Certificate Validation System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-22241 CRITICAL Act Now

An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Deserialization Junos
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy