Skip to main content
CVE-2022-40797 CRITICAL POC Act Now

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Roxy Fileman
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-39892 CRITICAL Act Now

Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Pass
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-44562 CRITICAL Act Now

The system framework layer has a vulnerability of serialization/deserialization mismatch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-44559 CRITICAL Act Now

The AMS module has a vulnerability of serialization/deserialization mismatch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-44558 CRITICAL Act Now

The AMS module has a vulnerability of serialization/deserialization mismatch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-44551 CRITICAL Act Now

The iaware module has a vulnerability in thread security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-43058 CRITICAL Act Now

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-31689 CRITICAL PATCH Act Now

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Session Fixation Workspace One Assist
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-31687 CRITICAL PATCH Act Now

VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass VMware Workspace One Assist
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-31686 CRITICAL PATCH Act Now

VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass VMware Workspace One Assist
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-31685 CRITICAL PATCH Act Now

VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass VMware Workspace One Assist
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-25932 CRITICAL Act Now

The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Privilege Escalation Inrouter302 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-45062 CRITICAL PATCH Act Now

In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Xfce4 Settings Debian Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-3890 CRITICAL Act Now

Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Debian Linux
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2022-39881 CRITICAL Act Now

Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos Firmware
NVD
CVSS 3.1
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy