Skip to main content
CVE-2022-38488 CRITICAL POC THREAT Act Now

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Logrocket Oauth2 Example
NVD GitHub
CVSS 3.1
9.8
EPSS
14.1%
CVE-2022-46072 CRITICAL POC Act Now

Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-46071 CRITICAL POC Act Now

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-46997 CRITICAL POC Act Now

Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Passhunt
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-46996 CRITICAL POC Act Now

vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Vsphere Selfuse
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-46609 CRITICAL POC Act Now

Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python3 Restfulapi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-44832 CRITICAL POC Act Now

D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 3040 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-24377 CRITICAL POC PATCH Act Now

The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Cycle Import Check
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-31358 CRITICAL POC Act Now

A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Virtual Environment
NVD VulDB
CVSS 3.1
9.0
EPSS
1.3%
CVE-2022-47406 CRITICAL PATCH Act Now

An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Change Password For Frontend Users
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-31702 CRITICAL PATCH Act Now

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Vrealize Network Insight
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-46255 CRITICAL Act Now

An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Enterprise Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-4494 CRITICAL PATCH Act Now

A vulnerability, which was classified as critical, has been found in bspkrs MCPMappingViewer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Mcp Mapping Viewer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-4493 CRITICAL PATCH Act Now

A vulnerability classified as critical was found in scifio. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Scifio
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-47408 CRITICAL PATCH Act Now

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Fp Newsletter
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy