Skip to main content
CVE-2022-3956 CRITICAL POC Act Now

A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hhims
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3955 CRITICAL POC Act Now

A vulnerability was found in tholum crm42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Crm42
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3948 CRITICAL POC Act Now

A vulnerability classified as critical was found in eolinker goku_lite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Goku Lite
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3947 CRITICAL POC Act Now

A vulnerability classified as critical has been found in eolinker goku_lite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Goku Lite
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-45182 CRITICAL PATCH Act Now

Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pi Star Digital Voice Dashboard
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-34331 CRITICAL Act Now

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Powervm Hypervisor
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-29486 CRITICAL PATCH Act Now

Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Intel Privilege Escalation Buffer Overflow Hyperscan
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-26845 CRITICAL Act Now

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Authentication Bypass Privilege Escalation Active Management Technology Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-3940 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in lanyulei ferry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ferry
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-3939 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in lanyulei ferry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ferry
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-41892 CRITICAL PATCH Act Now

Arches is a web platform for creating, managing, & visualizing geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Arches
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-36938 CRITICAL PATCH Act Now

DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure RCE Google Buffer Overflow Redex
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26513 CRITICAL Act Now

Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Memory Corruption Privilege Escalation Buffer Overflow Xmm 7560 Firmware
NVD
CVSS 3.1
9.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy