Skip to main content
CVE-2022-45005 CRITICAL POC Act Now

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ew9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2022-4446 CRITICAL POC PATCH Act Now

PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

LFI Information Disclosure PHP Corebos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27518 CRITICAL KEV THREAT Emergency

Citrix ADC and Gateway contain an unauthenticated remote code execution vulnerability exploited by APT5 (Chinese state-sponsored) in zero-day attacks against critical infrastructure in December 2022.

NVD
CVSS 3.1
9.8
EPSS
27.7%
Threat
4.0
CVE-2022-41653 CRITICAL Act Now

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Svmpc1 Svmpc2
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-46404 CRITICAL Act Now

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-4454 CRITICAL PATCH Act Now

A vulnerability, which was classified as critical, has been found in m0ver bible-online. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java SQLi Bible Online
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46364 CRITICAL PATCH Act Now

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Cxf
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-46353 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43724 CRITICAL PATCH Act Now

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sicam Pas Pqs
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-20473 CRITICAL PATCH Act Now

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure RCE Google Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
8.9%
CVE-2022-20472 CRITICAL PATCH Act Now

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure RCE Google Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2022-41271 CRITICAL Act Now

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SQLi Denial Of Service Netweaver Process Integration
NVD
CVSS 3.1
9.4
EPSS
0.6%
CVE-2022-2757 CRITICAL Act Now

Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tms300 Cs Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy