Skip to main content
CVE-2022-44291 CRITICAL POC Act Now

webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Webtareas
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-44290 CRITICAL POC Act Now

webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Webtareas
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-44945 CRITICAL POC Act Now

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-3520 CRITICAL POC PATCH Act Now

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44367 CRITICAL POC Act Now

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow I21 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44366 CRITICAL POC Act Now

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow I21 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
9.9%
CVE-2022-44365 CRITICAL POC Act Now

Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow I21 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44362 CRITICAL POC Act Now

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow I21 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44930 CRITICAL POC Act Now

D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dhp W310Av Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-44929 CRITICAL POC Act Now

An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Privilege Escalation Dvg G5402Sp Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44928 CRITICAL POC Act Now

D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dvg G5402Sp Firmware
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-43325 CRITICAL POC Act Now

An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Omnia Mpx Node Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-2807 CRITICAL Act Now

SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.1.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Prens Student Information System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2022-2641 CRITICAL PATCH Act Now

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Rcc972 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46145 CRITICAL Act Now

authentik is an open-source identity provider. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44363 CRITICAL Act Now

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow I21 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-45482 CRITICAL Act Now

Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Lazy Mouse
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-46366 CRITICAL PATCH Act Now

Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Deserialization Tapestry
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy