Skip to main content
CVE-2022-45550 CRITICAL POC Act Now

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ayacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-44351 CRITICAL POC Act Now

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Skycaiji
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44371 CRITICAL POC Act Now

hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Hope Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-46742 CRITICAL POC PATCH Act Now

Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45026 CRITICAL POC Act Now

An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Markdown Preview Enhanced
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45025 CRITICAL POC THREAT Act Now

Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Markdown Preview Enhanced
NVD GitHub
CVSS 3.1
9.8
EPSS
34.5%
CVE-2022-45010 CRITICAL POC Act Now

Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Phone Book Directory Web App
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-46741 CRITICAL POC PATCH Act Now

Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Paddlepaddle
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-42458 CRITICAL Act Now

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bingo Cms
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy