Skip to main content
CVE-2022-46169 CRITICAL POC KEV PATCH THREAT Act Now

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Command Injection Cacti
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.8%
CVE-2022-32224 CRITICAL POC PATCH GHSA Act Now

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization SQLi Activerecord
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32221 CRITICAL POC Act Now

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-44039 CRITICAL POC Act Now

Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Colibri Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43516 CRITICAL POC Act Now

A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix Information Disclosure Microsoft Windows Firewall
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43515 CRITICAL POC Act Now

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix Information Disclosure Frontend
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-35255 CRITICAL POC Act Now

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Node Js Sinec Ins Debian Linux
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2022-30123 CRITICAL PATCH Act Now

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rack Debian Linux
NVD
CVSS 3.1
10.0
EPSS
1.8%
CVE-2022-43549 CRITICAL Act Now

Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Veeam Backup For Google Cloud
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-40259 CRITICAL Act Now

MegaRAC Default Credentials Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Megarac Sp X
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-40242 CRITICAL Act Now

MegaRAC Default Credentials Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Megarac Sp X
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-27773 CRITICAL Act Now

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-46164 CRITICAL POC PATCH THREAT Act Now

NodeBB is an open source Node.js based forum software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Nodebb
NVD GitHub
CVSS 3.1
9.8
EPSS
49.0%
CVE-2022-45481 CRITICAL Act Now

The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Lazy Mouse
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-45479 CRITICAL Act Now

PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Pc Keyboard Wifi Bluetooth
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-45477 CRITICAL Act Now

Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Telepad
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-45822 CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Advanced Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-42496 CRITICAL PATCH Act Now

OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Nadesiko3
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-41642 CRITICAL PATCH Act Now

OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Nadesiko3
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy