Skip to main content
CVE-2022-26082 CRITICAL POC THREAT Act Now

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Oas Platform
NVD
CVSS 3.1
9.8
EPSS
18.6%
CVE-2022-29379 CRITICAL POC PATCH Act Now

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Nginx Buffer Overflow Njs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-30595 CRITICAL POC PATCH Act Now

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Pillow
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-26833 CRITICAL POC THREAT Act Now

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oas Platform
NVD
CVSS 3.1
9.4
EPSS
37.6%
CVE-2022-29650 CRITICAL Act Now

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Food Ordering System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-23775 CRITICAL Act Now

TrueStack Direct Connect 1.4.7 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Direct Connect
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28862 CRITICAL Act Now

In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Web Central
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-26945 CRITICAL PATCH Act Now

go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Go Getter
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-29361 CRITICAL PATCH Act Now

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Request Smuggling Werkzeug
NVD GitHub
CVSS 3.1
9.8
EPSS
7.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy