Skip to main content
CVE-2022-0658 CRITICAL POC Act Now

The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Commonsbooking
NVD WPScan
CVSS 3.1
9.8
EPSS
8.9%
CVE-2022-0254 CRITICAL POC PATCH Act Now

The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Zero Spam
NVD WPScan
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-0169 CRITICAL POC PATCH THREAT Act Now

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Photo Gallery
NVD WPScan
CVSS 3.1
9.8
EPSS
74.6%
CVE-2022-21187 CRITICAL PATCH Act Now

The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Libvcs
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-23943 CRITICAL PATCH Act Now

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.4 version 2.4.52 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Apache Buffer Overflow Http Server Fedora +2
NVD
CVSS 3.1
9.8
EPSS
50.4%
CVE-2022-22720 CRITICAL PATCH Act Now

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Apache Request Smuggling Http Server Fedora +5
NVD
CVSS 3.1
9.8
EPSS
28.2%
CVE-2022-26320 CRITICAL Act Now

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Safezone Basic Crypto Module Apeos C7070 Firmware Apeos C6570 Firmware Apeos C5570 Firmware +88
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-22721 CRITICAL PATCH Act Now

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.4.52 and earlier. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Apache Buffer Overflow Http Server Fedora +5
NVD
CVSS 3.1
9.1
EPSS
41.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy