Skip to main content
CVE-2022-28381 CRITICAL POC THREAT Emergency

Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Allmediaserver
NVD GitHub
CVSS 3.1
9.8
EPSS
68.7%
CVE-2022-28368 CRITICAL POC PATCH THREAT Act Now

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE XSS Dompdf
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
82.4%
CVE-2022-26530 CRITICAL PATCH Act Now

swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Swaylock
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy