Skip to main content
CVE-2022-43781 CRITICAL POC PATCH THREAT Act Now

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Command Injection Bitbucket
NVD
CVSS 3.1
9.8
EPSS
98.1%
CVE-2022-44001 CRITICAL POC Act Now

An issue was discovered in BACKCLICK Professional 5.9.63. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backclick
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-4051 CRITICAL POC Act Now

A vulnerability has been found in Hostel Searching Project and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hostel Searching Project
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-43138 CRITICAL POC PATCH Act Now

Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dolibarr Erp Crm
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42245 CRITICAL POC Act Now

Dreamer CMS 4.0.01 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dreamer Cms
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40881 CRITICAL POC THREAT Act Now

SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Solarview Compact Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
29.5%
CVE-2022-36786 CRITICAL Act Now

DLINK - DSL-224 Post-auth RCE. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 224 Firmware
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2022-39180 CRITICAL Act Now

College Management System v1.0 - SQL Injection (SQLi). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi College Management System
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-38165 CRITICAL Act Now

Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal F Secure Policy Manager
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36787 CRITICAL Act Now

webvendome - webvendome SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webvendome
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-36784 CRITICAL Act Now

Elsight - Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Halo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-43782 CRITICAL PATCH Act Now

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Atlassian Crowd
NVD
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy