Skip to main content
CVE-2022-31813 CRITICAL POC Act Now

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apache Http Server Clustered Data Ontap Fedora
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-1986 CRITICAL POC PATCH Act Now

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Gogs
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2022-32272 CRITICAL POC Act Now

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Metadefender
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
9.1%
CVE-2022-24840 CRITICAL POC PATCH Act Now

django-s3file is a lightweight file upload input for Django and Amazon S3 . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Python Path Traversal Django S3File
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-29013 CRITICAL POC THREAT Act Now

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sila Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
77.1%
CVE-2022-1992 CRITICAL POC PATCH Act Now

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Gogs
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2022-31830 CRITICAL POC THREAT Act Now

Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Kity Minder
NVD GitHub
CVSS 3.1
9.1
EPSS
15.0%
CVE-2022-31827 CRITICAL POC THREAT Act Now

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Monstaftp
NVD GitHub
CVSS 3.1
9.1
EPSS
19.6%
CVE-2022-31393 CRITICAL POC Act Now

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Jizhicms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-31390 CRITICAL POC Act Now

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Jizhicms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-31386 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nbnbk
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-31045 CRITICAL PATCH Act Now

Istio is an open platform to connect, manage, and secure microservices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Istio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31031 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pjsip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-29226 CRITICAL PATCH Act Now

Envoy is a cloud-native high-performance proxy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-28615 CRITICAL Act Now

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Apache Http Server Fedora +1
NVD
CVSS 3.1
9.1
EPSS
5.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy