Skip to main content
CVE-2022-40471 CRITICAL POC THREAT Emergency

Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Clinic S Patient Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
19.4%
CVE-2022-3254 CRITICAL POC Act Now

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Awp Classifieds
NVD WPScan
CVSS 3.1
9.8
EPSS
5.1%
CVE-2022-37623 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Browserify Shim
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-3774 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Train Scheduler App
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-40296 CRITICAL Act Now

The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Php Point Of Sale
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-40293 CRITICAL Act Now

The application was vulnerable to a session fixation that could be used hijack accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Php Point Of Sale
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-41779 CRITICAL PATCH Act Now

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-41772 CRITICAL PATCH Act Now

Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
24.9%
CVE-2022-41657 CRITICAL PATCH Act Now

Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
20.9%
CVE-2022-40202 CRITICAL PATCH Act Now

The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38142 CRITICAL PATCH Act Now

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
18.2%
CVE-2022-31692 CRITICAL PATCH Act Now

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security Active Iq Unified Manager
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-3771 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in easyii CMS.php of the component File Upload Management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Easyiicms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-40741 CRITICAL Act Now

Mail SQR Expert’s specific function has insufficient filtering for special characters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mail Sqr Expert
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-40190 CRITICAL Act Now

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moduweb Firmware
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2022-28763 CRITICAL Act Now

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Google Apple Meetings +2
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2022-41629 CRITICAL PATCH Act Now

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-27583 CRITICAL Act Now

A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Flx3 Cpuc1 Firmware Flx3 Cpuc2 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-40289 CRITICAL Act Now

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Php Point Of Sale
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2022-40288 CRITICAL Act Now

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Php Point Of Sale
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2022-40287 CRITICAL Act Now

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Privilege Escalation Php Point Of Sale
NVD
CVSS 3.1
9.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy