Skip to main content
CVE-2022-44006 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Backclick
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-44004 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Backclick
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44003 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Backclick
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-44000 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backclick
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43999 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backclick
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43135 CRITICAL POC Act Now

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43262 CRITICAL POC Act Now

Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43256 CRITICAL POC Act Now

SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43234 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Hoosk
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-3980 CRITICAL POC PATCH Act Now

An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Sophos RCE SSRF XXE Mobile
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2022-4015 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Sports Club Management System 119. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sports Club Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-4012 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Hospital Management Center. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management Center
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-4011 CRITICAL POC Act Now

A vulnerability was found in Simple History Plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simple History
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45047 CRITICAL PATCH Act Now

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java Apache Sshd
NVD VulDB
CVSS 3.1
9.8
EPSS
5.7%
CVE-2022-40752 CRITICAL PATCH Act Now

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-2166 CRITICAL PATCH Act Now

Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mastodon
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy