Skip to main content
CVE-2022-1014 CRITICAL POC Act Now

The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp Contacts Manager
NVD WPScan
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-0781 CRITICAL POC THREAT Act Now

The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Nirweb Support
NVD WPScan
CVSS 3.1
9.8
EPSS
12.4%
CVE-2022-28932 CRITICAL Act Now

D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation D-Link Dsl G2452Dg Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-1467 CRITICAL Act Now

Windows OS can be configured to overlay a “language bar” on top of any application. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Command Injection Information Disclosure Intouch Access Anywhere Plant Scada Access Anywhere
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2022-29599 CRITICAL PATCH Act Now

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Maven Shared Utils Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy