Skip to main content
CVE-2022-1471 CRITICAL POC PATCH THREAT Act Now

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Snakeyaml
NVD GitHub
CVSS 3.1
9.8
EPSS
99.6%
CVE-2022-43333 CRITICAL POC Act Now

Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Tvox
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-4257 CRITICAL POC THREAT Act Now

A vulnerability was found in C-DATA Web Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP C Data Web Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
43.9%
CVE-2022-30528 CRITICAL POC Act Now

SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Isic Lk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-4221 CRITICAL POC Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nas M25 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2022-4248 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Movie Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-4247 CRITICAL POC Act Now

A vulnerability classified as critical was found in Movie Ticket Booking System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Movie Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-36431 CRITICAL POC Act Now

An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Trufusion
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44262 CRITICAL POC PATCH Act Now

ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ff4J
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-37016 CRITICAL Act Now

Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Symantec Endpoint Protection
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3270 CRITICAL Act Now

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bus Module Cpx E Ep Firmware Bus Node Cpx Fb32 Firmware Bus Node Cpx Fb33 Firmware Bus Node Cpx Fb36 Firmware +95
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy