Skip to main content
CVE-2022-24942 CRITICAL POC Act Now

Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Micrium Uc Http
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-3998 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in MonikaBrzica scm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Scm
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-42058 CRITICAL POC Act Now

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Tenda Buffer Overflow W15e Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42120 CRITICAL PATCH Act Now

A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Dxp Liferay Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-42122 CRITICAL PATCH Act Now

A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Dxp Liferay Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43265 CRITICAL Act Now

An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Canteen Management System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42785 CRITICAL Act Now

Multiple W&T products of the ComServer Series are prone to an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass At Modem Emulator Firmware Com Server Firmware Com Server 20Ma Firmware Com Server Highspeed 100Basefx Firmware +13
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45400 CRITICAL Act Now

Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Japex
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45397 CRITICAL Act Now

Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Osf Builder Suite
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45396 CRITICAL Act Now

Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Sourcemonitor
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45395 CRITICAL Act Now

Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Cccc
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-33234 CRITICAL Act Now

Memory corruption in video due to configuration weakness. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow Aqt1000 Firmware Qca6310 Firmware +108
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-25727 CRITICAL Act Now

Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Ar8031 Firmware Csra6620 Firmware Csra6640 Firmware +18
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-25674 CRITICAL Act Now

Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Ar8031 Firmware Csra6620 Firmware Csra6640 Firmware +13
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-42984 CRITICAL Act Now

WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Wowonder
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy