Skip to main content
CVE-2022-22916 CRITICAL POC THREAT Emergency

O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.9%.

RCE O2oa
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
39.9%
Threat
4.7
CVE-2022-22912 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Prototype Pollution Plist
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-0623 CRITICAL POC PATCH Act Now

Out-of-bounds Read in Homebrew mruby prior to 3.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Mruby
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy