Skip to main content
CVE-2022-32995 CRITICAL POC THREAT Act Now

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Halo
NVD GitHub
CVSS 3.1
9.8
EPSS
15.9%
CVE-2022-32994 CRITICAL POC THREAT Act Now

Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Halo
NVD GitHub
CVSS 3.1
9.8
EPSS
16.7%
CVE-2022-32092 CRITICAL POC Act Now

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 645 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2022-28171 CRITICAL POC THREAT Act Now

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hikvision Command Injection Ds A71024 Firmware Ds A71048 Firmware Ds A71072R Firmware +8
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
49.9%
CVE-2022-2216 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Parse Url
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-1574 CRITICAL POC THREAT Act Now

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Html2Wp
NVD WPScan
CVSS 3.1
9.8
EPSS
11.9%
CVE-2022-1953 CRITICAL POC Act Now

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Product Configurator For Woocommerce
NVD WPScan
CVSS 3.1
9.1
EPSS
1.7%
CVE-2022-31082 CRITICAL PATCH Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Glpi Inventory
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-2140 CRITICAL Act Now

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Smartics
NVD
CVSS 3.1
9.0
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy