Skip to main content
CVE-2022-45207 CRITICAL POC PATCH Act Now

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-45206 CRITICAL POC PATCH Act Now

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-44844 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-44843 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-45476 CRITICAL POC Act Now

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Tiny File Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-41705 CRITICAL POC PATCH Act Now

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Badaso
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-4135 CRITICAL POC KEV PATCH THREAT Act Now

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Edge +1
NVD
CVSS 3.1
9.6
EPSS
31.9%
CVE-2022-37720 CRITICAL POC Act Now

Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Orchard Cms
NVD VulDB
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-41158 CRITICAL Act Now

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Eyoom Builder
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-41157 CRITICAL Act Now

A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Serp Server 2 0
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-37721 CRITICAL Act Now

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Pyrocms
NVD VulDB
CVSS 3.1
9.0
EPSS
0.7%
CVE-2022-45152 CRITICAL PATCH Act Now

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-36133 CRITICAL Act Now

The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tm C3500 Firmware Tm C3510 Firmware Tm C3520 Firmware Tm C7500 Firmware +5
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-29830 CRITICAL Act Now

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z, and Motion Control Setting(GX Works3 related software) versions from 1.000A to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gx Works3
NVD
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy