Skip to main content
CVE-2022-26134 CRITICAL POC KEV PATCH THREAT Act Now

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Atlassian Confluence Data Center Confluence Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2022-32270 CRITICAL POC Act Now

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Realplayer
NVD GitHub
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-32269 CRITICAL POC Act Now

In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Realplayer
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-32271 CRITICAL POC Act Now

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Realplayer
NVD GitHub
CVSS 3.1
9.6
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy