Skip to main content
CVE-2022-0888 CRITICAL POC Act Now

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE WordPress File Upload Ninja Forms File Uploads
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
9.3%
CVE-2021-45756 CRITICAL POC Act Now

Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Rt Ac68U Firmware Rt Ac5300 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-24934 CRITICAL POC THREAT Act Now

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Wps Office
NVD
CVSS 3.1
9.8
EPSS
20.5%
CVE-2022-23881 CRITICAL POC THREAT Act Now

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zzzphp
NVD GitHub
CVSS 3.1
9.8
EPSS
56.5%
CVE-2022-23880 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Taocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25222 CRITICAL POC Act Now

Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Money Transfer Management System
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-24293 CRITICAL Act Now

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP Denial Of Service Laserjet Pro M453 M454 W1Y40A Firmware +67
NVD VulDB
CVSS 3.1
9.8
EPSS
7.0%
CVE-2022-24292 CRITICAL Act Now

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP Denial Of Service Laserjet Pro M453 M454 W1Y40A Firmware +67
NVD VulDB
CVSS 3.1
9.8
EPSS
7.0%
CVE-2022-22952 CRITICAL PATCH Act Now

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

VMware Microsoft File Upload Carbon Black App Control
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-22951 CRITICAL PATCH Act Now

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

VMware RCE Command Injection Carbon Black App Control
NVD
CVSS 3.1
9.1
EPSS
21.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy