Skip to main content
CVE-2022-45276 CRITICAL POC Act Now

An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yjcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-44255 CRITICAL POC Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lr350 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-44252 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-44251 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-44250 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-44249 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-44139 CRITICAL POC Act Now

Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitors Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41924 CRITICAL POC PATCH Act Now

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Tailscale
NVD GitHub
CVSS 3.1
9.6
EPSS
1.6%
CVE-2022-45872 CRITICAL Act Now

iTerm2 before 3.4.18 mishandles a DECRQSS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iterm2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44120 CRITICAL Act Now

dedecmdv6 6.1.9 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Dedecmsv6
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-44118 CRITICAL Act Now

dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dedecmsv6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-44117 CRITICAL Act Now

Boa 0.94.14rc21 is vulnerable to SQL Injection via username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Boa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-41923 CRITICAL PATCH Act Now

Grails Spring Security Core plugin is vulnerable to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Java Privilege Escalation Spring Security Core
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-41875 CRITICAL Act Now

A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Optica
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-41922 CRITICAL PATCH Act Now

`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Yii
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45462 CRITICAL PATCH Act Now

Alarm instance management has command injection when there is a specific command configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dolphinscheduler
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-43213 CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System Project
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43196 CRITICAL Act Now

dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Dedecmsv6
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy