Skip to main content
CVE-2022-29464 CRITICAL POC KEV THREAT Emergency

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Path Traversal Api Manager Enterprise Integrator +6
NVD GitHub
CVSS 3.1
9.8
EPSS
100.0%
CVE-2022-25226 CRITICAL POC THREAT Act Now

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Thinvnc
NVD
CVSS 3.1
10.0
EPSS
11.0%
CVE-2022-1020 CRITICAL POC THREAT Act Now

The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Woo Product Table
NVD WPScan
CVSS 3.1
9.8
EPSS
26.6%
CVE-2022-0785 CRITICAL POC Act Now

The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Daily Prayer Time
NVD WPScan
CVSS 3.1
9.8
EPSS
9.1%
CVE-2022-26631 CRITICAL PATCH Act Now

Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injection vulnerability via the id GET parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Automatic Question Paper Generator
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy