Skip to main content
CVE-2022-22965 CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Tomcat Spring Framework +37
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2022-22963 CRITICAL POC KEV PATCH THREAT Act Now

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Spring Cloud Function Banking Branch +26
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2022-26562 CRITICAL POC Act Now

An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Groupware Core
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-24066 CRITICAL POC PATCH Act Now

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Simple Git
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2022-24803 CRITICAL POC PATCH Act Now

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Asciidoctor Include Ext
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-22570 CRITICAL Act Now

A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ubiquiti Ua Lite Firmware
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2022-27534 CRITICAL Act Now

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Anti Virus Endpoint Security Internet Security Security Cloud +2
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-27177 CRITICAL PATCH Act Now

A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Python Information Disclosure Consoleme
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-24440 CRITICAL PATCH Act Now

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Cocoapods Downloader
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-21223 CRITICAL PATCH Act Now

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Cocoapods Downloader
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-21235 CRITICAL PATCH Act Now

The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Vcs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-24802 CRITICAL PATCH Act Now

deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Deepmerge Ts
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25158 CRITICAL Act Now

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fx5Uc Firmware Fx5Uc 32Mr Ds Ts Firmware Fx5Uc 32Mt D Firmware Fx5Uc 32Mt Dss Firmware +12
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2022-25157 CRITICAL Act Now

Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx5Uc Firmware Fx5Uc 32Mr Ds Ts Firmware Fx5Uc 32Mt D Firmware Fx5Uc 32Mt Dss Firmware +12
NVD
CVSS 3.1
9.1
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy