Skip to main content
CVE-2022-4724 CRITICAL POC PATCH Act Now

Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-4719 CRITICAL POC PATCH Act Now

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-4768 CRITICAL PATCH Act Now

A vulnerability was found in Dropbox merou. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Merou
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-46442 CRITICAL Act Now

dedecms <=V5.7.102 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-45963 CRITICAL Act Now

h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Secpath F5030 Firmware Secpath F5060 Firmware Secpath F5080 Firmware Secpath F5030 D Firmware +7
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-45778 CRITICAL Act Now

https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sc 6000 Wv02 Firmware Sc 6000 Wv04 Firmware Sc 6000 Wv08 Firmware Sc 6000 Wv12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-4726 CRITICAL Act Now

A vulnerability classified as critical was found in SourceCodester Sanitization Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sanitization Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-4725 CRITICAL PATCH Act Now

A vulnerability was found in AWS SDK 2.59.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Java SSRF Google Aws Software Development Kit
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-4748 CRITICAL PATCH Act Now

A vulnerability was found in FlatPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Flatpress
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-46764 CRITICAL Act Now

A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Server
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy