Skip to main content
CVE-2022-26134 CRITICAL POC KEV PATCH THREAT Act Now

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Atlassian Confluence Data Center Confluence Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2022-32270 CRITICAL POC Act Now

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Realplayer
NVD GitHub
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-32269 CRITICAL POC Act Now

In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Realplayer
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-32271 CRITICAL POC Act Now

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Realplayer
NVD GitHub
CVSS 3.1
9.6
EPSS
2.7%
CVE-2022-29778 HIGH POC This Week

D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass RCE D-Link Dir 890L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-1987 HIGH POC PATCH This Week

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libmobi
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-29767 MEDIUM POC This Month

adbyby v2.7 allows external users to make connections via port 8118. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Adbyby
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-1988 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Facturascripts
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29770 MEDIUM POC This Month

XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xxl Job
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29784 MEDIUM POC PATCH This Month

PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Publiccms
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-26493 HIGH This Week

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Saml Sp 2 0 Single Sign On
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-32268 HIGH This Week

StarWind SAN and NAS v0.2 build 1914 allow remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Starwind San Nas
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-29773 MEDIUM PATCH This Month

An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aleksis
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-32265 MEDIUM PATCH This Month

qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qdecoder
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy