Skip to main content
CVE-2022-0767 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Calibre Web
NVD GitHub
CVSS 3.1
9.9
EPSS
1.0%
CVE-2022-0441 CRITICAL POC PATCH THREAT Act Now

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation WordPress Masterstudy Lms
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
84.9%
CVE-2022-0434 CRITICAL POC THREAT Act Now

The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Page View Count
NVD WPScan
CVSS 3.1
9.8
EPSS
14.8%
CVE-2022-0349 CRITICAL POC THREAT Act Now

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Notificationx
NVD WPScan
CVSS 3.1
9.8
EPSS
34.4%
CVE-2022-0766 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Calibre Web
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy